
Ask Slashdot: Dealing With Anti-Spam Service Extortion?

Unknown Lamer posted about a year and a half ago | from the with-an-axe dept.

The Internet 279

An anonymous reader writes "I work for a European ISP, and lately we're receiving quite a few complaints from customers about not being able to send emails because of UCEProtect's listings. After checking with their site, we found out that our whole AS (!) was blacklisted. Their 'immediate removal policy' asks for money, around 90 euros per IP for end users and 300 euros for ISPs, and their site has bold statements like 'YOU ARE LOSING YOUR RIGHT TO EXPRESSDELIST YOUR IP IF YOU ARE STUPID AND CLAIMING THIS WOULD BE BLACKMAIL...' Could this be considered extortion-blackmail? Has anyone else on Slashdot dealt with this service before?"


279 comments


first (-1)

Anonymous Coward | about a year and a half ago | (#42386055)

post

I always go along and pay (-1, Troll)

SpaghettiPattern (609814) | about a year and a half ago | (#42386057)

I always go along and pay. Yes, I'm as yellow as they come. I completely shiver just thinking about it.
Now where are my porn links...

Re:I always go along and pay (5, Interesting)

Anonymous Coward | about a year and a half ago | (#42386079)

I used to run the AHBL (for those wondering, I am Andrew Kirch); my advice is this. UCEProtect isn't a protection scheme. They're just people who run a DNSBL and got tired of dealing with spammers' lies for free. I am incredibly sympathetic, though I did not go the same route. I've been lied to, threatened, received death threats, etc. Eventually you stop doing it for free, and since I was unwilling to charge, I simply stopped. If you want to be delisted, pay; if you don't, don't. If one of your customers/friends/whatever is using UCEProtect, you can also contact them and ask them to stop. I've used it in the past, but not on a block outright basis. My policy applies only to my mail server though, and not yours.

Re:I always go along and pay (4, Interesting)

Anonymous Coward | about a year and a half ago | (#42386261)

That could be, but if the listing is inaccurate, they're likely guilty of defamation and probably other things as well if they're keeping the listing as such.

I don't know if in this case the listing is accurate, however, the OP could likely successfully file suit against them.

NEVER trust and AC (5, Informative)

SmallFurryCreature (593017) | about a year and a half ago | (#42386297)

NEVER trust an AC. The TRUTH is RIGHT there on the linked page

FREE OF CHARGE REMOVAL:

There is no need for you to request removal, if you do not want to pay.

Every IP address temporary listed as Level 1 expires automatically 7 days after the last spam email from it hits our SPAMTRAPS. This means your IP address will be removed, lesson learned, no more spam from your computer.

The FREE option is listed FIRST, you ONLY need to pay if you want someone to manually check your SPAM sending IP can be cleared. Spammers LIE, they will abuse ANY complaint system and this costs time and energy.

Spammers rely on the low costs of their operation to remain profitable, they spend nothing and instead leech from other people's infrastructure, efforts and time to make their money. The easiest way to combat this is to cost the Spammers time, energy and money. That hurts their profits the most and is the only way to hinder them.

Yes it sucks to hell and back if you are caught in between with your "legit" reasons to run a mass emailer from your own computer. But the needs of the many outweigh the needs of the one. Don't like it? You PAY ME then to deal with spam. You don't want to pay? Well... then what do you want? Email was ruined by the spammers, the old idea of anyone being able to mail anyone else is GONE thanks to them. You fix the spammers then because I am NOT going back to the days when 99% of email hitting my systems was spam.

Frankly there are so many alternatives to sending mass mail from your own system, only highly suspicious people want to go around this. And yes, loss of freedom for one means loss of freedom for all... but the costs associated with combatting spam all on your own are just too big. Installing a DNS blacklist is a cheap reliable option and the number of people hurt by it are statistical rounding errors. Really, nobody I know still uses their own email system but instead uses something like gmail with their own domain name. I use Amazon. And gosh, it just works.

Basically, it all comes down to who has to spend time and effort. The recipient or the mailer. Do YOU have to make sure as a sender that your system can send to everyone OR does the recipient have to make sure that he can receive from everyone?

The recipient is the person with the least interest here in case of spam AND indeed in regular emails. If some entity wants to mail me from some home IP in black listed range. What is my motivation in wanting to receive said message? The spammer/sender is the one who needs the message to be received.

AND ALL THIS BLACKLIST REQUIRES: Is that AFTER your system has been caught sending spam, it stops sending spam for 7 days. That is all. Just 7 days without spam. The AC whiner clearly is running a system that sends endless spam. He needs to deal with that and NOT demand the entire rest of the world open their system to his spammy criminal customers.

When you sign up for Amazon EMS there are several security measures in place to avoid you using their systems to send spam. That is because Amazon and other email providers spend a LOT of money making sure their IP range remains unblocked and they do this by having people actively making sure no spam is sent through their system.

Is it that difficult to ask that an ISP does the same?

Again yes it sucks if you are caught in between but hey, there are alternatives and YOU are FREE to come up with a better system. In the meantime, I take my DNS blacklist thank you very much and not shed a tear about your home mail setup. Hey, at least it is better than in the old days when many including me would just black list entire regions of the world. Still do for that matter, you would be surprised how much less attempts at hacking you get on a small webserver if you just block Africa, Asia, Middle East, East-block, South-America etc etc. But you might get a legit visitor from those regions! For a local amateur soccer club home page?

My time is money, you want me to spend time on YOUR problem? Pay me. What next, this guy complaining about how hard it is to send bulk mail through people with "Nee/Nee No/No" stickers on their mail box (legally binding method to stop getting bulk mail in Holland (both unaddressed and local "free" newspapers); with such a sticker only addressed mail and personal mail (individual posting a note) is allowed, everyone else can get a fine)?

Re:NEVER trust and AC (0)

Anonymous Coward | about a year and a half ago | (#42386313)

NEVER trust _an_ AC. Several countries in Europe are on my blacklist too.

Re:NEVER trust and AC (0)

Anonymous Coward | about a year and a half ago | (#42386649)

... says the AC.

Re:NEVER trust and AC (3, Insightful)

Anonymous Coward | about a year and a half ago | (#42386347)

It isn't necessarily about their delisting policy, more about their listing policy. UCEProtect also run Backscatterer, which lists based on if you send out of office/bouncebacks to spam mail. This will often bleed over into their 'main' block list.

At the end of the day, if you're blocking people for having the courtesy to set a message that states "I'm out of the office", then you shouldn't be taken seriously as a block list provider.

Re:NEVER trust and AC (0)

Anonymous Coward | about a year and a half ago | (#42386429)

I have the questionable pleasure of experiencing a deluge of backscatter since the rise of the Festi botnet, and I must say that I find the lack of sanity checks on automated replies appalling. It is not a courtesy to autorespond to spam by sending the spam "back" to a person who didn't send it in the first place and gave you all the information you need to clearly and easily establish that fact (Domainkeys / SPF).

There is only one place for automatically sending a message back to the original sender, and that's before accepting the mail in the first place. The sender sends the address information first. Reject the email then and there and include your out of office information with the bounce. Once you've accepted the mail, don't autorespond.

Re:NEVER trust and AC (4, Insightful)

Xenx (2211586) | about a year and a half ago | (#42386693)

I have the questionable pleasure of experiencing a deluge of backscatter since the rise of the Festi botnet, and I must say that I find the lack of sanity checks on automated replies appalling. It is not a courtesy to autorespond to spam by sending the spam "back" to a person who didn't send it in the first place and gave you all the information you need to clearly and easily establish that fact (Domainkeys / SPF).

There is only one place for automatically sending a message back to the original sender, and that's before accepting the mail in the first place. The sender sends the address information first. Reject the email then and there and include your out of office information with the bounce. Once you've accepted the mail, don't autorespond.

I agree about companies needing to push SPF and the like more. Sure, it still can cause some headache supporting.. but it helps address the problem.

As for the second bit, you've got to be joking. First, putting the out of office in the bounceback does nothing to mitigate the issue. You're still receiving an email for each and every bounced email. Second, millions of people have email that is hosted through another company. They realistically cannot set up individual bouncebacks for every single customer.

Re:NEVER trust and AC (1)

Anonymous Coward | about a year and a half ago | (#42386749)

I am not joking. The sending MTA is the only one which can be sure about the actual sender. If you fail to inform the sending MTA before it has finished sending the email, then it's too late to send an automated reply. I don't care if I get spammed directly or through backscatter. If you send out of office replies to people who have not sent email to you, then you're part of the problem. Don't "pseudobounce" mail either. Once your inbound MTA has accepted mail, bouncing that mail is not an option. Proper bounces are created by the sending MTA, not the receiving MTA, and since the sending MTA knows the sender, the bounce isn't sent to some made-up address. When the receiving MTA creates the bounce after accepting mail, then the address that the bounce is sent to is unreliable information.

Re:NEVER trust and AC (1)

silas_moeckel (234313) | about a year and a half ago | (#42386565)

Because checking basic things before sending that sort of thing is hard? If you're validating basic things before sending these automated replies you're never going to hit these blacklists. It's not 1989 anymore, you can not just autoreply to every inbound message; hell, you should not have done it then either.
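The pre-send checks discussed in the comments above (SPF result, no reply to bounces or list mail), as an added example that is not part of the thread and not any poster's code. The function names, the `mx.example.org` authserv-id and the sample messages are constructed assumptions; the header checks follow the RFC 3834 recommendations for automatic responders.

```python
from email import message_from_string
from email.utils import getaddresses

BULK_PRECEDENCE = {"bulk", "junk", "list"}
ROLE_LOCALPARTS = {"mailer-daemon", "postmaster", "noreply", "no-reply"}


def spf_passed(msg, trusted_authserv):
    """True only if our own border MTA (trusted_authserv) recorded spf=pass.

    Authentication-Results headers carrying any other authserv-id are ignored,
    because the sender can put anything it likes into the message."""
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        parts = authserv.split()
        if not parts or parts[0].lower() != trusted_authserv.lower():
            continue
        if any(c.strip().lower().startswith("spf=pass") for c in results.split(";")):
            return True
    return False


def autoreply_decision(raw_message, envelope_from, my_addresses,
                       trusted_authserv, recently_replied=()):
    """Return (send_reply, reason) for one accepted message."""
    msg = message_from_string(raw_message)
    sender = envelope_from.strip().strip("<>").lower()
    if not sender:
        return False, "null envelope sender (bounce or DSN)"
    if sender.split("@")[0] in ROLE_LOCALPARTS:
        return False, "role or daemon sender"
    auto = msg.get("Auto-Submitted", "no").split(";")[0].strip().lower()
    if auto != "no":
        return False, "message is itself automatic"
    if msg.get("Precedence", "").strip().lower() in BULK_PRECEDENCE:
        return False, "bulk or list precedence"
    if msg.get("List-Id") or msg.get("List-Unsubscribe"):
        return False, "mailing-list traffic"
    rcpts = {addr.lower() for _, addr in
             getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))}
    if not rcpts & {a.lower() for a in my_addresses}:
        return False, "not addressed to this user in To/Cc"
    if not spf_passed(msg, trusted_authserv):
        return False, "envelope sender not SPF-authenticated"
    if sender in recently_replied:
        return False, "already replied to this sender recently"
    # The reply goes to the envelope sender, never to the From: header.
    return True, "reply to envelope sender " + sender


# Constructed sample: spam with a forged sender; a reply would be backscatter.
SAMPLE_SPOOFED = (
    "Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=victim@example.net\n"
    "From: victim@example.net\n"
    "To: alice@example.org\n"
    "Subject: cheap pills\n"
    "\n"
    "body\n"
)

# Constructed sample: ordinary personal mail from an authenticated sender.
SAMPLE_LEGIT = (
    "Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=bob@example.net\n"
    "From: Bob <bob@example.net>\n"
    "To: Alice <alice@example.org>\n"
    "Subject: lunch?\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    for raw, env in ((SAMPLE_SPOOFED, "victim@example.net"),
                     (SAMPLE_LEGIT, "bob@example.net")):
        print(autoreply_decision(raw, env, ["alice@example.org"], "mx.example.org"))
```
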

Re:NEVER trust and AC (0)

Anonymous Coward | about a year and a half ago | (#42386415)

FTQ: "After checking with their site, we found out that our whole AS (!) was blacklisted."

So, if there is *one* low-rate (one message per day) zombie spambox connected somewhere in Comcast LA's AS, the reasonable thing for a blacklist maintainer to do is to blacklist *every* Comcast customer in LA?

Seriously?

Re:NEVER trust and AC (2, Informative)

Guppy06 (410832) | about a year and a half ago | (#42386545)

So, if there is *one* low-rate (one message per day) zombie spambox connected somewhere in Comcast LA's AS, the reasonable thing for a blacklist maintainer to do is to blacklist *every* Comcast customer in LA?

Yes. It's not worth anybody's time and effort to sort through sock puppets beyond that scale. Questions of who is responsible for what fall into the category of "Not my fucking problem."

We have already long since learned that the chainsaw really is preferable to the scalpel when dealing with spam.

Re:NEVER trust and AC (4, Interesting)

realityimpaired (1668397) | about a year and a half ago | (#42386579)

Wouldn't happen with Comcast, because they block outgoing 25, and force everything through their mail server where they can implement sanity and outgoing spam checks.

That, I think, is the point of blocking the entire AS.

ISPs can't work with this (4, Informative)

dutchwhizzman (817898) | about a year and a half ago | (#42386499)

If you run an ISP and use dynamic address allocation, chances are that a low percentage of your users is infected and they appear to be coming from your entire address pool. This will mean that in practice, your entire AS will be blacklisted permanently.

The way it often is solved, is that the abuse department for the ISP sets up a "custom" communications protocol with the blacklist operators. In that protocol, it's usually described how the blacklister deals with IPs (only block individuals, block for $lease_period) and that the ISP will get abuse mail for each of those offending IPs. In return, the ISP will have to take measures to pull the offending machine/customer offline in a very short timeframe, usually well within 24 hrs after the abuse mail has been sent. Often ISPs will have some sort of mechanism that will re-route the customers sending spam into a walled garden environment, in which they can only send mail via the outgoing mail servers of the ISP and not browse the web, apart from web sites of the ISP themselves and anti-virus and update websites and such.

This is by no means a perfect solution, since you are automatically tossing customers in a non net-neutrality setup because some third party triggered your abuse system. However, when configured and tweaked correctly, you get less than 3% false positives and your customers generally appreciate what you do. If you deal openly and swiftly with the false positives, even those tend to agree with your policy, but you have to make sure that you help them quickly and take the blame.

If you have a setup like this working in your environment, getting a "custom" deal with the blacklist admins usually isn't that hard, but you have to take the initiative and prove to them that you do anything reasonably within your power to take care of spammers and zombies, before they will cut you some slack.

Re:NEVER trust and AC (0)

Anonymous Coward | about a year and a half ago | (#42386605)

Yeah block everything except US and western Europe to make your webserver logs clear of those annoying hacking attempts, it will help to secure your webserver so much, as real hackers will never use US socks or VPN, no sir, never. After all, that is what internet is about - local communities! Or maybe just upgrade your software and scripts periodically to be immune to lame script hack attempts, and just do not care about those records in your logs?

Someone is full of himself (-1)

Anonymous Coward | about a year and a half ago | (#42386555)

I used to run the AHBL (for those wondering, I am Andrew Kirch)

I've never heard of it, and never heard of you.
I run hundreds of mail servers, and you find some of my code in both fetchmail and exim.

Re:Someone is full of himself (5, Informative)

Nossie (753694) | about a year and a half ago | (#42386645)

been hiding under a rock much?

http://en.wikipedia.org/wiki/The_Abusive_Hosts_Blocking_List [wikipedia.org] , considering his own name is HARDLY spattered over the internet as a karma whore / full of himself - I would be much more likely to believe him than some trolling A/C that has what, committed translations from English UK to English US? Of course that is on the assumption that the poster is who he says he is but if you did actually google rather than being arrogant and full of yourself - then you would find that the guy has indeed been rather involved in anti spam lawsuits etc.

http://www.declude.com/Articles.asp?ID=262 [declude.com]
OR
"My name is Andrew D Kirch, I'm one of the founders of the AHBL, and served in that capacity until 2008. I've been harassed, extorted, sued, and defamed by a Mr. Richard Morton Scoville, a resident of San Antonio, Texas for a period of 7 years. During that time I have suffered nearly irreparable damage to my character, and public reputation. I've been questioned by police, and my customers, and I have incurred over $10,000 in legal costs defending myself in court against this person."

So, AC - are your code contributions worth $10k to you?

OR
http://www.ahbl.org/legal/scoville/courtdocs [ahbl.org]

Let me just make another assumption here, You are American and don't know who "Tim" Berners-Lee is either? I actually couldn't care less if you do or don't know who he is - but my point being is you wouldn't do the extra effort to look it up.

not posted anon, because I've not been a pussy since 1994.

Re:I always go along and pay (-1)

flyneye (84093) | about a year and a half ago | (#42386611)

Pardon me for observing this obvious breakdown in communication. Let's see, I run an ISP, my customers can't do email because of some dickhead down the line, who filters spam, who now wants way too much money to let my customers have the email that belongs to them.
Simple solution: I visit the proprietor of the spam filter and explain the absurdity of the situation and ask for a better solution. Failing that, the following night, we return with clubs in hand and turn humans to paperweights who undoubtedly perish in an electrical fire that reeks of petroleum.
Problem solved. Doing good and right always has rewards!

Re:I always go along and pay (1)

Anonymous Coward | about a year and a half ago | (#42386667)

A person who raises his fist is a fool who's run out of ideas. How do you live with yourself? I'll be applauding when your ass is sent to jail for an extended period.

People still use blacklists??? (-1)

Anonymous Coward | about a year and a half ago | (#42386065)

Good grief, who in the heck still uses e-mail blacklists in an actual production environment? Those outlived their usefulness over a decade ago. Way too many false positives, and this shows the sort of problems you can encounter when one blacklist decides extortion is fun. There are far better ways to filter for spam.

Re:People still use blacklists??? (1)

redback (15527) | about a year and a half ago | (#42386081)

lots of places use them, and it really shits me.

Most of them list you for stupid reasons, eg having a dynamic ip (even if it is really static, and they will only remove dynamic listings if you are the ip range owner)

It's a constant support hassle for me.

Re:People still use blacklists??? (5, Interesting)

DarwinSurvivor (1752106) | about a year and a half ago | (#42386117)

I get my internet through Shaw which, unless you pay extra, uses dynamic IPs. By dynamic, I mean "technically" dynamic, but keep the same IP for at least 6-8 months at a time. Shaw also uses blacklists, one of which is Spamhaus among others. Shaw has a policy where they reject E-Mail if a SINGLE blacklist has you listed for ANY reason. Spamhaus has this annoying feature where they add all dynamic IP addresses to their blacklist. Basically, shaw is auto-blocking their own f*cking customers and nobody in the tech support chain seems to understand this.

Re:People still use blacklists??? (2)

Ubi_NL (313657) | about a year and a half ago | (#42386151)

I feel your pain, but as a small-time hosting provider the dynamic-IP blocklists reduce spam by about 90%. In reality there are very very few legitimate mail servers located on a dynamic range. You are an unfortunate example. I currently get less than 1 complaint per year on false-positive rejection. For me this is an unfortunate but acceptable loss compared to the large amount of spam I no longer receive.

Re:People still use blacklists??? (3, Funny)

houghi (78078) | about a year and a half ago | (#42386213)

dynamic-IP blocklists reduce spam by about 90%.

I have reduced spam by 100% (Yes, one hundred) by also blocking the fixed IPs.

I don't get any complaints as they can only send them by email.

Now if my provider would do the same and block this one email, I would not send in a complaint. I would change providers.

And this whole fixed/non fixed IP is just a way of selling things that are not there. We do not use modems anymore, so you will need to have the IPs available anyway. Blocking dynamic IPs will just cause another excuse to ask for extra money for a fixed IP.

Re:People still use blacklists??? (1)

KingMotley (944240) | about a year and a half ago | (#42386237)

Unfortunately, it IS effective. If you are really that concerned about it, then pay the fee to get a fixed IP, or relay your mail to a server that has a fixed IP. It's not expensive.

Re:People still use blacklists??? (0)

Anonymous Coward | about a year and a half ago | (#42386657)

Wooooooooooooooooosh

Re:People still use blacklists??? (1, Insightful)

rsmith-mac (639075) | about a year and a half ago | (#42386225)

Indeed. We use a similar blacklist on our systems and it eliminated a massive chunk of spam from bots trying to reach out and touch you directly.

There just isn't any good reason to be operating a SMTP server on a residential connection; the user either needs to go through their ISP or they need to move to proper hosting in a datacenter (more uptime, static IPs, clearly not an end-user system).

Re:People still use blacklists??? (5, Interesting)

Depili (749436) | about a year and a half ago | (#42386339)

The way this is handled in Finland is that each ISP has one outgoing SMTP-relay server that you have to use, you can't send the mail directly out. You can receive all the mail you want but the outgoing pipe has restrictions to prevent open/misconfigured servers, works great. (I have my own mail server with such arrangement on a static IP)

If you are an ISP I would suggest a similar arrangement to prevent all your customers sending spam :)

Re:People still use blacklists??? (2)

loufoque (1400831) | about a year and a half ago | (#42386539)

It's like that with most ISPs worldwide. You can still use another SMTP server if you use one with SSL on another port though.

Re:People still use blacklists??? (4, Interesting)

sosume (680416) | about a year and a half ago | (#42386341)

There just isn't any good reason to be operating a SMTP server on a residential connection

In the EU (and probably elsewhere too) there are VERY compelling reasons to do so. ISPs are required by law to store all your e-mail (and other) traffic and make it available to the government at a whim. So much for the basic human right to privacy and private communications (but hey if you're no turrerist you've got nothing to hide eh?) They are still snooping port 25 and probably reading it at the receiving end anyway, but I'll be doing anything in my power to hinder the government from snooping on my private communications.

Re:People still use blacklists??? (2)

johanw (1001493) | about a year and a half ago | (#42386569)

They don't (have to) store your mails, only who you send it to: the traffic data. That in itself is bad enough though, and one of the reasons I run my own mailserver on a provider subdomain. Them setting up reverse DNS incorrectly caused a lot of mail to bounce, but after they corrected it (9 minutes after I mailed them about it, they act very quick) I have not had those problems again.

Re:People still use blacklists??? (1)

Megane (129182) | about a year and a half ago | (#42386677)

There just isn't any good reason to be operating an outbound SMTP server on a residential connection

FTFY. I've always made a point of having fixed IP on my DSL, which is now via AT&T, formerly SBC. I'm not sure that they ever implemented an outbound port 25 block, but it was just an extra line or two in my sendmail m4 config, it was a "good netizen" thing to do, and I was aware that eventually spam blocking was going that way. (In fact, it was much more annoying to find out that some DNS servers failed to find you if your registrar-listed nameserver names weren't also returned by your own nameserver.)

And there isn't much of an excuse for running an inbound one without a fixed IP, but at least if you do run one, your e-mail isn't stored somewhere that a government can declare it "abandoned" if it sits there for six months or some bullshit like that to let them download it wholesale whenever they feel like it.

Re:People still use blacklists??? (0)

Anonymous Coward | about a year and a half ago | (#42386405)

Actually I used to work for Shaw. Most of them understand exactly how it works and why it does what it does to you.
Use their email server. Vancouver for an example uses shawmail.vc.shawcable.net.

What it really comes down to, is they don't care, and shouldn't. People on dynamic IP addresses generally do not need to operate their own mail server. If you really really want to, you'll have to do the responsible thing, get a dedicated IP address, set up reverse DNS PTR etc. This provides security and verification of where the email is coming from. There's a few other services you can set up to properly register your mail server.

It annoyed me at first too as I was running a personal one just for me and my domain, but since I really don't need it I got over it.
If you don't want those things, you're probably a spammer or want to spam, and therefore Shaw has done their job.

Re:People still use blacklists??? (0)

Anonymous Coward | about a year and a half ago | (#42386141)

Indeed. Recently our Rackspace hosted email got blacklisted because one of their subscribers was apparently a bot net zombie or something according to some blacklist. Wasn't even anyone in our organization, but whoever maintained the blacklist shitcanned a whole range of ips and I guess we were just collateral damage. I am wondering if the same thing didn't happen... Rather than a blacklist, maybe it was a blackmail list against rackspace. It did seem to get resolved by them fairly quickly...

Blacklists are among the many reasons why email is simply an antiquated cluster fsck that is broken beyond all hope of repair. How it even functions at all amazes me sometimes. DKIM, spf, etc, are all hacks that are rendered meaningless because of blacklists.

Re:People still use blacklists??? (0)

Anonymous Coward | about a year and a half ago | (#42386345)

It's a warning that you have dynamic IPs. You start opening ports to their mail servers, with ungodly amounts of UCE? Are you really clean? Do you hunt down with fervor anyone using your Internet for UCE? Are you sure?

It's so very easy to find, and see the offending people, or do you have your hands full just getting them connected. I had an ISP who found a co-lo sending spam, and they pulled its plug. The customer never offered to fix their server, or anything.

There is a place to go to find recent incidents from known honeypots: Have you seen those?

Re:People still use blacklists??? (2)

JaredOfEuropa (526365) | about a year and a half ago | (#42386105)

You'd be surprised. Apple's MobileMe email uses it, for one. Recently I had an email to my brother's address at me.com blocked because my host's SMTP server was blacklisted. And only yesterday I exchanged a few emails with an online retailer to get some product info; my 3rd mail suddenly got blocked (by a different blacklist service, who state that dynamic IP addresses are auto-blocked).

I can see why this is a problem for ISPs and hosts. Some people have been claiming the demise of email for years what with Facebook and such, but email is important enough for me to consider switching host, even though it is probably not their fault.

Wel you got enough guns (-1)

Anonymous Coward | about a year and a half ago | (#42386069)

Well you got enough guns over there use them and take em out that is what you seem to like doing as a pastime shoot people because you can ..

Re:Wel you got enough guns (0)

Anonymous Coward | about a year and a half ago | (#42386123)

Well you got enough guns over there use them and take em out that is what you seem to like doing as a pastime shoot people because you can ..

1. The poster lives in Europe, as stated.
2. Us Yanks? Some times we have good reasons, some times they are bad, and some times they are a very good reasons with BAD grammar

Re:Wel you got enough guns (3, Insightful)

solidraven (1633185) | about a year and a half ago | (#42386169)

By all means, take them to court in Europe. This is unfair trade practice. For that alone you can get pretty severe fines. Get a preliminary injunction as well, if possible with a nice daily fine attached to it. If they want to play it like that you should too. We had the same thing happen to us a while back (large IRC network). They blacklisted our mail server so our services couldn't email the users anymore to verify their email address. We threatened to get a preliminary injunction against them and they backed down very quickly. It took a total of 5 minutes between our lawyer sending an email and us being removed from the blacklist.

Re:Wel you got enough guns (2)

Ubi_NL (313657) | about a year and a half ago | (#42386255)

I call BS on that post.

The blacklist people don't block anything. All they do is publish a list with IP addresses. Isn't that covered under your precious free speech thingy?

It's the providers that use the blacklist that you should worry about.

Re:Wel you got enough guns (0)

solidraven (1633185) | about a year and a half ago | (#42386283)

So you call BS on me cause I use the wrong terminology according to you? They do in fact block people, in many instances the blacklists are automatically loaded and many providers do use them cause of the spam problems they're experiencing. They're a very cheap solution to a major problem. Not everybody wants to dish out a lot of money for the latest in smart anti-spam software or hire somebody on staff to constantly update their own anti-spam rules.
Claim it's not a major problem? Set up a mail server on a new domain, create a random email address and publish it on a site with a fairly page ranking on google. To give you an idea: I have received over 100 spam emails in the last 24 hours on my regular email account, and I don't even spread the address of that one around. Sadly it turns out I'm not very interested in viagra, penis enlargements, huge fake DHL invoices, Nigerian princes, UN funding, ... On the other hand I know this nice person who claims to be able to double your money in only 1 month! Oh wait...

Re:Wel you got enough guns (2)

LordLucless (582312) | about a year and a half ago | (#42386423)

They do in fact block people, in many instances the blacklists are automatically loaded and many providers do use them cause of the spam problems they're experiencing.

No, blacklists do not block anyone. The providers are blocking people.

Re:Wel you got enough guns (-1, Flamebait)

Anne Thwacks (531696) | about a year and a half ago | (#42386289)

No.

There is no "Free Speech thingy" in Europe.

Publishing a list of scum that includes you is libellous UNLESS YOU ARE SCUM. (Bear in mind that the IRA sued Channel 4 news for calling them terrorists).

Re:Wel you got enough guns (0)

Anonymous Coward | about a year and a half ago | (#42386533)

Since when is the UK a part of Europe?

Contact local prosecutors (2, Interesting)

Anonymous Coward | about a year and a half ago | (#42386075)

In the US, I'd say what they're doing is restraint of trade. It's kinda like what Yelp does here. People list a business or service. It cost extra to remove negative reports. I avoid them.

While you may not have the resources to deal with these assholes long term, maybe the lawyer will say "litigate" or they may just say "Pay the extortion".

Or you could just find the principals involved and do an Anonymous disclosure on them. Maybe they don't want a bullseye painted on their foreheads or their cars or where their kids go to school. I like this strategy for the Westboro Community Church but you'll have to evaluate if it's OK for these asshats.

Re:Contact local prosecutors (2, Informative)

Anonymous Coward | about a year and a half ago | (#42386671)

www.law.cornell.edu/uscode/text/47/230

They can run this service within the law. Like it or not, it's legal.

Flip side.... (2)

jimpop (27817) | about a year and a half ago | (#42386083)

I'm a receiver, I use UCEProtect to score emails, they help to block a LOT of recent and bleeding edge spam. I don't have to pay them anything for their assistance.

Re:Flip side.... (1)

LourensV (856614) | about a year and a half ago | (#42386121)

How many false positives do you get though? In a classifier, having a high true positive rate is good, but only if it comes with a low false positive rate. It seems that in this case, perhaps there are a few too many false positives.

And with spam that is a real problem (1)

Sycraft-fu (314770) | about a year and a half ago | (#42386135)

You find that when you start turning up spam solutions to high levels, a lot of legit shit gets filtered.

I mean if all you care about is blocking spam, I can give you a 100% solution: Just block "." as in the root of all DNS. No more spam, ever. Of course it also will have a massive false positive rate, you won't get any e-mail at all.

If a spam service just takes the "Block all of the things!" attitude it really isn't that useful overall.

Re:And with spam that is a real problem (2)

silas_moeckel (234313) | about a year and a half ago | (#42386535)

L3 is pretty much reserved for networks that have been spewing extreme amounts of spam and failed to do anything about it; 250-ish are currently listed. Often the non-technical guys in charge (also known as PHBs) are willing to ignore outbound spam from paying customers as it costs them nothing and makes them money. L3 is pretty much for those companies that ignore any and all outbound spam, those with abuse@ sent to /dev/null, as losing their other customers is the only way to get them to act. As to ratio, this AS is probably below 0.2% legit email; that's a very low false positive rate even while implementing the most byzantine listing they can come up with.

Re:Flip side.... (1)

jimpop (27817) | about a year and a half ago | (#42386145)

Rarely a FP, perhaps one a year. Like I said, I don't use them (or any RBL) to block, I do use them to aid in scoring.

Re:Flip side.... (4, Insightful)

Anonymous Coward | about a year and a half ago | (#42386253)

There are two kinds of false positives: The individual email kind and the netblock kind. Users care about individual email. They want to receive legitimate email even if it comes from an IP address that belongs to a spam-friendly ISP. Blacklists are more concerned with netblocks. They don't rate individual messages. They rate ISPs. The submitter is affiliated with a hosting cooperative. They're probably not openly spam friendly, but cooperatives are usually short on manpower, so their monitoring and their response times may not make them sufficiently "tough on spam" for some tastes.

If UCEProtect is run properly, then they have evidence of spam coming from that netblock, and if their listing and delisting policies are well defined and implemented, then they are well within their rights to require compensation if an ISP wants them to manually check that they've cleaned up their act and expedite delisting. If UCEProtect is much too trigger happy, then wrongfully accused ISPs should complain to the recipients' ISPs who use UCEProtect to block email and get them to remove or reduce the influence in the scoring. A rogue DNSBL has no power if nobody uses them.

Re:Flip side.... (0)

Guppy06 (410832) | about a year and a half ago | (#42386557)

How many false positives do you get though?

Spam is a problem where false positives generally cost less than false negatives. If there are "few" too many, it is almost always an acceptable loss compared to the alternative.

Re:Flip side.... (0)

Anonymous Coward | about a year and a half ago | (#42386133)

You shouldn't pay anything, jeez, you should get your share, their biz is based on YOU!

Do you know how hard it is to update their DB? (5, Funny)

hxnwix (652290) | about a year and a half ago | (#42386093)

Adding an IP address to their whitelist is no easy thing. You see, they hire only blind, deaf quadriplegics, so each octet is entered in binary through a mouth open/close morse code interface. But that's only after your request makes it through the queue to be read through tactile forehead tapping tty... Perfectly understandable that these folks detest spam, isn't it?

By some definitions.... (1)

WGFCrafty (1062506) | about a year and a half ago | (#42386103)

By some definitions it sure is, whether that means anything legally where you are located is a "lawyer question."

blackmail [blak-meyl]
noun
1. any payment extorted by intimidation, as by threats of injurious revelations or accusations.
2. the extortion of such payment: He confessed rather than suffer the dishonor of blackmail.
3. a tribute formerly exacted in the north of England and in Scotland by freebooting chiefs for protection from pillage.
verb (used with object)
4. to extort money from (a person) by the use of threats.
5. to force or coerce into a particular action, statement, etc

blackmailer, noun
blackmail (blækmel)

1. the act of attempting to obtain money by intimidation, as by threats to disclose discreditable information
2. the exertion of pressure or threats, esp unfairly, in an attempt to influence someone's actions
3. to exact or attempt to exact (money or anything of value) from (a person) by threats or intimidation; extort
4. to attempt to influence the actions of (a person), esp by unfair pressure or threats

Re:By some definitions.... (0)

KingMotley (944240) | about a year and a half ago | (#42386251)

I doubt this would classify as blackmail because there is no "threat". You ARE on the list. They aren't charging you or else they will put you on the list. It's already been done. Now there may be something else illegal about it, but I doubt it would fall under blackmail.

Re:By some definitions.... (3, Informative)

sosume (680416) | about a year and a half ago | (#42386357)

"You will not receive e-mail during the next seven days UNLESS you agree to pay us 90 euro! No discussion possible!"

Sounds like blackmail to me .. It especially fits the definition "the act of attempting to obtain money by intimidation, as by threats to disclose discreditable information" - they are disclosing discreditable information, possibly even false - namely that you are a spammer, which may or may not be true. I don't think they will be so tough in court. I'd love to see them tried by the way.

Re:By some definitions.... (0)

KingMotley (944240) | about a year and a half ago | (#42386379)

But it doesn't fit that description, because there is no threat to disclose... they ARE already disclosing.

Re:By some definitions.... (1)

sosume (680416) | about a year and a half ago | (#42386457)

The threat is that they will keep disclosing the information UNLESS you pay up.

Re:By some definitions.... (0)

Anonymous Coward | about a year and a half ago | (#42386465)

Compare it to this. Your credit card is blocked because one of the card processing companies has blacklisted your card, not your own bank. You are unable to pay in your local pub, supermarket, et cetera and people will think you are either in debt or a scammer. Even worse, there are posters featuring your name and address for everyone to see stating that you are a criminal. They will stay in public view until you pay USD$ 100. Sounds like extortion or blackmailing to me.

Sue in UK for defamation (1)

Maow (620678) | about a year and a half ago | (#42386109)

Ask your company's legal team about options, such as suing in the UK for defamation.

Just a thought.

How about sending a bunch of spam from a laptop at an open Wifi like Starbucks, where the spam is promoting UCEprotect.org. Send it to/through Gmail and other blacklist organizations. The goal being to get them placed on a spam blacklist...

Either seems preferable to spending 300 Euros for an express de-list. Then, doing it again, etc.

Make sure you monitor out-going email through your ISP's servers so that no spam is being sent by your customers.

Re:Sue in UK for defamation (1)

jopsen (885607) | about a year and a half ago | (#42386275)

How about sending a bunch of spam from a laptop at an open Wifi like Starbucks, where the spam is promoting UCEprotect.org. Send it to/through Gmail and other blacklist organizations. The goal being to get them placed on a spam blacklist...

How about considering the fact that 300 Euros is nothing to an ISP. But it's enough to make it infeasible for spammers to pay up.

Ever considered the fact that UCEprotect might be a legitimate organization? (I wouldn't know)

Sure, the telling people that they are stupid if they claim blackmail and thusly, will not be allowed to delist, might not be the wording a lawyer would have used. But it's probably a lot less evil than the EULAs we click OK to on a daily basis, at least this one is honest :)

PLEASE NOTE THAT THIS IS AN OPTIONAL OFFER ONLY.
YOU ARE LOSING YOUR RIGHT TO EXPRESSDELIST YOUR IP IF YOU ARE STUPID AND CLAIMING THIS WOULD BE BLACKMAIL, EXTORTION, SCAM OR SIMILAR BULLSHIT.

Also, note that this is an optional fast-track offer. It takes time for them to evaluate whether or not to remove your IP, if you pay that's certainly a good indicator that you're not spamming.
Now again, 300 Euro is of no significance to an ISP.

So what's the story here? Probably just that the wording used by UCEprotect could be considered unprofessional by some standards.

Excessive smiley faces (4, Insightful)

egcagrac0 (1410377) | about a year and a half ago | (#42386113)

Maybe it's the language barrier, but that seems like a lot of smiley faces and profanity for a professional organization.

Their revenue model seems odd as well - it's almost like they're set up just to extract money from senders.

My instinct is don't pay them, figure out why you got listed, and stop whatever triggered the listing.

If the customers are complaining excessively, consider the unblock fee - once. Definitely terminate the accounts of the spammers.

Re:Excessive smiley faces (1)

jopsen (885607) | about a year and a half ago | (#42386281)

Maybe it's the language barrier, but that seems like a lot of smiley faces and profanity for a professional organization.

Agree, that's the story here...

Re:Excessive smiley faces (3, Insightful)

hvm2hvm (1208954) | about a year and a half ago | (#42386305)

Yep, they remind me of forum/irc operators with a god complex. Example:

We feel sorry for you :-) but it appears that you sent SPAM to the wrong people :-)

Think for a second (0)

SmallFurryCreature (593017) | about a year and a half ago | (#42386319)

As posted elsewhere in this thread, 10 to 1 this is a spam haven ISP. How can he terminate his only customers? Some east block kid thought he could make some fast money renting out a small IP range to spammers, then found it became useless once it got blocked and now he is butthurt the world doesn't allow his get-rich-quick scheme. Prove me wrong, get the coward to name the company in question. He can't since it would instantly reveal it for what it is.

Re:Think for a second (1)

egcagrac0 (1410377) | about a year and a half ago | (#42386365)

How can he terminate his only customers?

These customers whose actions made conducting business impossible - how can he not terminate them?

Dob them in to Paramount (0)

Anonymous Coward | about a year and a half ago | (#42386161)

They're almost certainly not paying royalties to Paramount for the use of the Borg-9 font in their logo.

The other side of the story? (0)

Anonymous Coward | about a year and a half ago | (#42386177)

It would be helpful to know what abuse your users are supposed to have committed that resulted in the blacklisting. If you're allowing spammers to operate freely, you should be subject to much greater penalty than 300 euros.

Some Suggestions (5, Insightful)

Anonymous Coward | about a year and a half ago | (#42386187)

Firstly, as Pamela Jones over at Groklaw would tell you in a heartbeat, convince someone at your company to take legal advice. If your company is contemplating action of any kind in response to what has happened, it is critically important that you understand that your intended steps will not undermine you at some later date. Only a legal professional can tell you that. So please, get proper legal advice.

Secondly, thinking about the relationship between yourself and the party you believe to be performing the blocking/spam filtering. Is the issue between your company and the third party, or your *clients* and the third party? I can understand that you are coming under fire from your clients, but please refer back to the first point, above.

Third, go get familiar with the relevant legal frameworks. Your legal support, when you hire them, is going to start asking legal questions. You understand the tech, but take the time to familiarise yourself with the law. Start with: RIPA (the Regulation of Investigatory Powers, which, IIRC, makes it illegal to intercept any communication between two parties), PEC (the Privacy in Electronic Communications Act [2003]), and take a quick look at the DPA (Data Protection Act [1998]) inasmuch as the data being generated and acted upon by the third party [email addresses] was created for the express purpose of *routing email traffic*, not *filtering* email traffic. There may be an argument that the filtering is inappropriate. See how a lawyer (I'm not one) can help you here???

Fourth, are there any professional trade bodies or organisations that both your company and the third party subscribe to (i.e. a UK Association of ISPs) that may have a dispute handling process? Are the two parties able to sit down with an arbitrator? If so, this might be a free service that you could try?

Fifth, if all of the above fail, then use of the Internet in the UK is regulated by various Government departments and Quango Regulators, such as the ICO (Information Commissioner's Office) and Ofcom (the Communications Watchdog). As above if you have taken proper legal advice from a law firm with expertise in this area, they should advise you on the best method of engagement.

I understand that you want to help your clients, but in this case it's critically important that any steps you take don't make it worse. Legal advice must be step 1.

Hope this helps...

Yah... legal advice (4, Interesting)

SmallFurryCreature (593017) | about a year and a half ago | (#42386315)

The guy posts the question as an AC. Why? That is a MAJOR red flag.

Secondly, no consumer ISP would tolerate such a question being asked on a public forum, they have lawyers in house to deal with this kind of stuff, they do NOT Ask Slashdot. Never. No way, no how.

10 to 1 that this is some east European with a couple of servers at a hosting party who hires them out to spammers and now finds his leased servers are useless to those same spammers because his IP range has been blocked and he wants them unbanned so he can continue to rent out his servers to spammers.

DNS block lists do on occasion hurt real newsletters. But this is about a legit newsletter, why is it not mentioned? If this is a legit service that is being hurt, why is it not mentioned? If it is a legit ISP that is being hurt, why is it not named?

Could it be that this question is posted by an AC with not even a hint about the nature of the hurt party being the very generic label "ISP" is that even the simplest google research would reveal that the ISP in question is a spam haven?

Anyway, a DNS list is just a list of numbers. It is a fact list that does nothing unless someone ELSE uses that list. Listing IPs on a list cannot be illegal and blocking mail from MY server is perfectly legal as well.

Spammers have tried fighting DNS lists for years now and failed. This question should never even have been asked.

Re:Yah... legal advice (0)

Anonymous Coward | about a year and a half ago | (#42386441)

DNS block lists do on occasion hurt real newsletters. But this is about a legit newsletter, why is it not mentioned? If this is a legit service that is being hurt, why is it not mentioned? If it is a legit ISP that is being hurt, why is it not named?

Could it be that this question is posted by an AC with not even a hint about the nature of the hurt party being the very generic label "ISP" is that even the simplest google research would reveal that the ISP in question is a spam haven?

The summary already answers that question: 'YOU ARE LOSING YOUR RIGHT TO EXPRESSDELIST YOUR IP IF YOU ARE STUPID AND CLAIMING THIS WOULD BE BLACKMAIL...'

Naming the ISP in the submission text would only get that company blacklisted permanently for bad-mouthing the anti-spam service (no, wrapping the "extortion-blackmail" claim into a rhetorical question is no excuse).

Re:Yah... legal advice (1)

Anonymous Coward | about a year and a half ago | (#42386711)

I'm a small east European provider with a few servers, I host everything that is technically legal and allowed by my uplinks, and this does not include spam. DNSBLs are the major pain in the ass, they presume that if I'm small east European provider I must be hosting spammers, they refuse to unlist IP's after offending customer's account was terminated, sometimes just do not respond. Looks like DNSBLs are run mostly by self-righteous assholes, they presume, for example, that online pharmacy - must be spammers, buy expired domain that used to belong to ROKSO spammer - now you are ROKSO spammer and we put all your domains in ROKSO database, and there is no authority above them, they do not have to remove your IP from their db at all, if they do remove your IP - they are doing you a favor. They are internet bullies plain and simple, with the same narrow mindset.

Re:Some Suggestions (0)

Anonymous Coward | about a year and a half ago | (#42386683)

Don't forget this before you start wasting cash

www.law.cornell.edu/uscode/text/47/230

Read it closely (0)

Anonymous Coward | about a year and a half ago | (#42386247)

It tells you plainly how to get delisted for free. But that requires you to do some serious work and find out who you have spamming on your network. Regardless of the legitimacy of the supposed spam, you need to find out who it is sending it and make them stop.

The 7 day waiting period once it stops sucks. But that's their policy if you want it removed for free. Free removal = you stopping the spammer on your network.

Now, if you want to get it removed **faster** than 7 days plus however long it takes you to get the spammer to knock it off, then you have to pay. And in neither case is it guaranteed you will not end up back on the blacklist if someone starts spamming on your network again.

It's not blackmail, it's a convenience fee. I'm sure your ISP charges your users some of those for things like getting network techs on site faster and such.

Anti-Spam in scam (0)

Anonymous Coward | about a year and a half ago | (#42386279)

There is no such thing needed as Anti-Spam, just set up greylist with whitelisting and you're set.

The service is sound (0)

Anonymous Coward | about a year and a half ago | (#42386291)

If you end up there check why and wait 7 days.

It's not extortion (3)

ThreeGigs (239452) | about a year and a half ago | (#42386295)

Obviously anyone giving you legal advice has failed due diligence. From their site: "Every IP listed will expire 7 days after the LAST abuse is detected, and FREE of charge."

So, find out whoever is spamming, and put a stop to it. It might be different if your ASN is listed, but I'd still be looking for spam sources on your own network.

Re:It's not extortion (0)

Anonymous Coward | about a year and a half ago | (#42386703)

I agree. Stop blaming the people that are trying to clean scrap up and look at your own network, your non management of it and the ethics behind not asking questions of the people that pay you to provide them with the means to spam.

Clean up your network, monitor reports and stop pointing the finger. I run a forum spam prevention service and get this all the time. I am NOT responsible for your mismanagement of your network.

shitty spam service (0)

Anonymous Coward | about a year and a half ago | (#42386321)

They look quite unserious on their support pages. And I'm surprised some governments are using them, but they might be successful since they apparently block whole AS series....
Godaddy did a similar thing some years ago. They blocked the /24 net if they received spam. Problem was that they required us, as customer of an ISP, to "stop" the offending IP even if it was not under our control... Since back then I was just the sysadmin of a customer with only a few IP numbers.

Anyway, call your lawyer first. But they will probably say it is not illegal to use shitty services... Depending on your local country laws.
Put up a big notice in simple language to your customers about what a blacklist is and that it is mostly out of your control.
You could start to block outgoing port 25 and force all to go via a forwarder. But make sure it works, or hire another company that knows how to run mailservers 24/7 with high loads and block spam before it goes out on the net.

Disruptive Behaviour and Segmentation (1)

burni2 (1643061) | about a year and a half ago | (#42386323)

Hi,

Even those guys from uce-list have honorable goals; I think their way of trying to achieve a spam free internet will hurt the ecosystem of the internet itself.

And especially one aspect, "freedom". I distaste spam as many like you being nagged by "Luke" or "Mr. Motumba" with their ideas of marketing, I thought that blacklisting might be a good way to prevent spam, but lately being affected by yahoo & aol filtering out emails sent to people that I know in person (around 12 per month to the same person), the emails aren't marked as spam, they just don't reach their destined recipient, they just vanish.

Also the behaviour of putting internal communication into public and stating that German law does not apply to them because they are not operating from Germany is wrong and is a lie. On their page they state that "bavarian people" make up these lists. Those guys are behaving like outlaws, like those spammers they fight.

But I don't get it like many others here in /. why not using fingerprinting of those messages and statistical methods to identify spam.

Money seems to be a 2ndary option. Clean your net! (0)

Anonymous Coward | about a year and a half ago | (#42386337)

I skimmed their policy pages and it looks like they do remove automatically and free of charge. IF the ISP cleans up their network and makes the spam sending boxes shut up.

There are only three questions.. (0)

Anonymous Coward | about a year and a half ago | (#42386433)

1 - Are they relevant to your operation? If not, ignore.
2 - Are these guys for real? You could just be looking at a scam.
3 - Do you actually HAVE a spam problem? Worth checking anyway. If you're an ISP, all you need is a couple of infected customers and you may end up getting blocked by more than just this outfit (a tactic I disagree with, but I appreciate the sentiment).

I cleaned up an ISP in Hong Kong who had a spam problem, and the size of the problem was really too much for identifying affected clients - we'd be playing whack-a-mole for months. We closed the outbound router for email exit traffic and installed a gateway that did some extra checking. It was then relatively easy to ping back warnings to customers from there that they were having a possible virus infection (it also served as a heads up to those who were spamming for real that the game was up).

block port 25 for residential customers. (0)

Anonymous Coward | about a year and a half ago | (#42386475)

How about blocking port 25 for residential customers and dynamic IP's ? In some countries this is already mandatory.
Using RBLs is so last decade ...

Not blackmail, but libel (1)

dido (9125) | about a year and a half ago | (#42386477)

It looks more like UCEProtect is declaring to its customers that you are a spam haven and that they should not be accepting any mail from your systems. That sounds more like they are libeling/slandering you. I am not a lawyer but I imagine an imaginative legal team would be able to sue UCEProtect in that way.

Re:Not blackmail, but libel (2)

strredwolf (532) | about a year and a half ago | (#42386691)

True, but then they'd be hit with proof: The spam that hit the spamtrap from that IP address. They keep those things!

UCEProtect isn't the first one to get sued. It won't be the last.

UCEprotect is spamtrap based (4, Informative)

silas_moeckel (234313) | about a year and a half ago | (#42386507)

Stop sending spam, wait 7 days and you're good. You're at level 3: your AS has been spewing spam for a while and you have done NOTHING to fix it. As an ISP you should be checking all your IPs against all major spam lists and proactively dealing with spam. This will probably mean losing customers. Some things to consider: it's trivial to set up a relay server for your own mail servers outside your AS to keep outbound email going. Look into some technical means like transparent outbound spam filters, outbound port 25 syn rate limiting, or a plethora of other aids. Those clients will all claim it's triple opt in super secret they have everybody's dna on file; they are lies. Remember that spammers are at worst criminals, at best have absolutely no morals; in either event they have no compunction lying to you. Strengthen your TOS, put BIG fines in there for repeated spamming, waive them based on your gut and history. Often you need something to push legit companies to fix their issues.

All things considered, getting to l3 means you're just ignoring the spam coming from your network. You need to get proactive and fix the root issue of spam spewing from your network. There are plenty of technical methods to avoid the 7 days block that are far cheaper than paying them. At the end of the day spend less energy railing about "blackmail" and more policing your network. If you do not, you're facing the internet death penalty and the business needs to go under; this is the internet working as intended.
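The comment above tells an ISP to check its own addresses against the spam lists. The following is an added example, not part of the original post or any list operator's tooling, of how a DNSBL self-audit over a netblock works. The zone name `dnsbl.example.net` and the documentation netblock are placeholders, and the resolver is injectable so the lookup logic can be exercised offline.

```python
import ipaddress
import socket
from typing import Callable, Dict, Iterable, List, Optional

# Placeholder zone (an assumption): substitute the zones your recipients consult.
EXAMPLE_ZONE = "dnsbl.example.net"

# DNSBLs conventionally answer "listed" with an A record inside 127.0.0.0/8.
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")

Resolver = Callable[[str], Optional[str]]


def system_resolver(name: str) -> Optional[str]:
    """Return the first A record for name, or None when it does not resolve."""
    try:
        return socket.gethostbyname(name)
    except OSError:  # NXDOMAIN and other lookup failures
        return None


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the lookup name: octets reversed, then the list's zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this example handles IPv4 only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone.strip(".")


def is_listed(ip: str, zone: str, resolve: Resolver = system_resolver) -> bool:
    """True only when the zone answers with a 127.0.0.0/8 address.

    Any other answer (for example a wildcard record on an expired or
    parked zone) is treated as "not listed" rather than as a hit.
    """
    answer = resolve(dnsbl_query_name(ip, zone))
    if answer is None:
        return False
    try:
        return ipaddress.ip_address(answer) in LISTED_RANGE
    except ValueError:
        return False


def audit_netblock(cidr: str, zones: Iterable[str],
                   resolve: Resolver = system_resolver) -> Dict[str, List[str]]:
    """Map every listed address in cidr to the zones that list it."""
    zones = list(zones)
    hits: Dict[str, List[str]] = {}
    for addr in ipaddress.ip_network(cidr):
        listed_in = [z for z in zones if is_listed(str(addr), z, resolve)]
        if listed_in:
            hits[str(addr)] = listed_in
    return hits


if __name__ == "__main__":
    # Constructed answers standing in for real DNS responses.
    canned = {
        "5.2.0.192.dnsbl.example.net": "127.0.0.2",    # listed
        "9.2.0.192.dnsbl.example.net": "203.0.113.7",  # wildcard answer, ignored
    }
    for ip, zones in audit_netblock("192.0.2.0/28", [EXAMPLE_ZONE], canned.get).items():
        print(ip, "listed in", ", ".join(zones))
```

Run on a schedule against your own ranges, a new hit points at the customer address to investigate before the listing escalates from single IPs to wider ranges.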

Re:UCEprotect is spamtrap based (0)

Anonymous Coward | about a year and a half ago | (#42386563)

It looks like you are appointing the ISP as the police. But are they?
Is it really their responsibility to assure that their customers are operating to the standards that YOU define?
When you don't want to receive spam, filter it. Don't choose an arbitrary target other than the sender of the spam and start harassing them.

Compromised network (1)

ToAruShiroiNeko (2779207) | about a year and a half ago | (#42386523)

I'd echo the "NEVER trust an AC" post by SmallFurryCreature (593017). I'd further consider the scenario where a few computers or the entire network being compromised. Botnets have been around for a while and are a growing problem. It is possible for individual customers or even ISP owned machines to be infected by botnets that send out spam email in bulk quantities. You may not necessarily have the legal ability to monitor the traffic due to privacy laws. Perhaps you can set up a honeypot of your own or work with people that operate them to figure out which machines are sending out the spam. Does the ISP assign IPs in a dynamic manner? If so the problem may appear larger than it really is to an external viewer. Altering how much IPs change could maybe help as well.

UCEProtect is a spammer. (5, Interesting)

Anonymous Coward | about a year and a half ago | (#42386531)

I've had to deal with UCEProtect in my job as a system administrator. Whenever we got listed it was because their spambots (that send mail coming from the droppatrol.de domain) managed to get a bounce out of our system. We allow our users to forward mail offsite and some do to sites that are far far less permissive than us, and when that happens we properly send the bounce.

I would say that running spam bots, and then asking someone to pay to get off a blacklist that their spambots got you onto, is effectively organized crime type extortion.

More security (1)

ruir (2709173) | about a year and a half ago | (#42386543)

In my opinion any respectable ISP should nowadays block port 25/TCP in the residential blocks to protect its own customers from being blacklisted, as there are known and better alternatives. Furthermore, the email servers should run in separate addresses, or better yet, in a different net block. Alas, spammers and configuring it has gotten so time intensive, that in the long run, it gets cheaper to outsource to Google. (Many people are not aware they still can keep their domain.) You can always also do transparent routing in the 25/TCP and filter it through a spam appliance/email server. Block yourself the repeat offenders. Warn the customers. (As I said previously, blocking 25 altogether seems a nicer idea.) I would finish saying port 25/SPAM is more a political than a technical problem, however if you don't act on it, it is not of use posting rants as articles in facebook.

Re:More security (0)

Anonymous Coward | about a year and a half ago | (#42386567)

You fail to see that the blocking of port 25 is exactly the thing that then prevents the customers to use the Google services.
Blocking sounds nice but it has more implications than you think of.

Re:More security (1)

Megane (129182) | about a year and a half ago | (#42386721)

Fine. Then add a specific whitelist unblock of outbound port 25 to Google's servers. It's just one more line in the router configs. The point is that residential customers (especially dynamic IPs) have zero need to be able to send outbound port 25 to random addresses. The ISP's outbound mail server doesn't have to be the only "non-random" address.

Internal Spam is the new problem (1)

danielcolchete (1088383) | about a year and a half ago | (#42386633)

Here on my ISP we get the same problem from time to time. We have a very strong antispam policy regarding our own users (about 40k) and they usually understand it. Our main problem right now is hijacked user accounts. So we have systems in place that block users/passwords after they start sending spam, but only after a few hundred were already sent (we are improving on that shortly). While this has led to a much lower RBL block rate, we still get one from time to time. In that case we remove that mail server from our cluster for a week. You only get ASN blocked if there are too many IPs sending spam on your network. There is no other way: watch your users, especially the web hosting users (PHP's mail() should be deactivated). RBLs work on the premise that they should block any spam regardless of any other traffic you might have. Reputation systems know better. In any case, no one will like your network as long as your users keep sending spam. Your only complaint about UCE is because they charge to unblock your IP. The others don't charge and will just not unblock it.
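The comment above describes hijacked accounts being caught only after a few hundred messages have gone out. As an added example (not the poster's system), here is one way to flag an authenticated account as soon as its recipient count inside a sliding window crosses a threshold. The log lines are constructed and modelled on Postfix smtpd/qmgr output; the threshold, window and year are assumptions to tune for your own traffic.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# smtpd line: ties a queue ID to the authenticated (SASL) account behind it.
SMTPD_RE = re.compile(r"postfix/smtpd\[\d+\]: (\w+): client=.*\bsasl_username=([^,\s]+)")
# qmgr line: carries the timestamp and recipient count for that queue ID.
QMGR_RE = re.compile(
    r"^(\w{3} +\d+ [\d:]{8}) \S+ postfix/qmgr\[\d+\]: (\w+): "
    r"from=<[^>]*>, size=\d+, nrcpt=(\d+)"
)

# Constructed sample: carol mails two large lists half an hour apart, bob's
# account bursts within a minute, and the last message is an unauthenticated bounce.
SAMPLE_LOG = [
    "Dec 26 09:00:00 mx1 postfix/smtpd[2101]: 1A0001: client=unknown[192.0.2.10], sasl_method=PLAIN, sasl_username=carol",
    "Dec 26 09:00:00 mx1 postfix/qmgr[900]: 1A0001: from=<carol@example.net>, size=5120, nrcpt=60 (queue active)",
    "Dec 26 09:30:00 mx1 postfix/smtpd[2101]: 1A0002: client=unknown[192.0.2.10], sasl_method=PLAIN, sasl_username=carol",
    "Dec 26 09:30:00 mx1 postfix/qmgr[900]: 1A0002: from=<carol@example.net>, size=5120, nrcpt=60 (queue active)",
    "Dec 26 10:00:00 mx1 postfix/smtpd[2107]: 1B0001: client=unknown[198.51.100.23], sasl_method=LOGIN, sasl_username=bob",
    "Dec 26 10:00:00 mx1 postfix/qmgr[900]: 1B0001: from=<bob@example.net>, size=2048, nrcpt=50 (queue active)",
    "Dec 26 10:00:20 mx1 postfix/smtpd[2107]: 1B0002: client=unknown[198.51.100.23], sasl_method=LOGIN, sasl_username=bob",
    "Dec 26 10:00:20 mx1 postfix/qmgr[900]: 1B0002: from=<bob@example.net>, size=2048, nrcpt=50 (queue active)",
    "Dec 26 10:00:40 mx1 postfix/smtpd[2107]: 1B0003: client=unknown[198.51.100.23], sasl_method=LOGIN, sasl_username=bob",
    "Dec 26 10:00:40 mx1 postfix/qmgr[900]: 1B0003: from=<bob@example.net>, size=2048, nrcpt=50 (queue active)",
    "Dec 26 10:01:00 mx1 postfix/qmgr[900]: 1C0001: from=<>, size=900, nrcpt=1 (queue active)",
]


def flag_bursting_accounts(lines, max_rcpts=100, window=timedelta(minutes=10), year=2012):
    """Return {account: time it first exceeded max_rcpts recipients within window}.

    Syslog timestamps carry no year, so one is supplied (an assumption).
    """
    owner = {}                   # queue ID -> authenticated account
    recent = defaultdict(deque)  # account -> (time, nrcpt) entries inside the window
    totals = defaultdict(int)    # account -> recipients inside the window
    flagged = {}
    for line in lines:
        m = SMTPD_RE.search(line)
        if m:
            owner[m.group(1)] = m.group(2)
            continue
        m = QMGR_RE.match(line)
        if not m:
            continue
        # pop() so a requeued message is not counted twice for the same queue ID
        user = owner.pop(m.group(2), None)
        if user is None:
            continue  # unauthenticated mail (bounces, inbound) is out of scope here
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        nrcpt = int(m.group(3))
        entries = recent[user]
        entries.append((when, nrcpt))
        totals[user] += nrcpt
        # Evict entries that have aged out of the window.
        while when - entries[0][0] > window:
            totals[user] -= entries.popleft()[1]
        if totals[user] > max_rcpts and user not in flagged:
            flagged[user] = when
    return flagged


if __name__ == "__main__":
    for user, when in flag_bursting_accounts(SAMPLE_LOG).items():
        print(f"{user}: over threshold at {when:%H:%M:%S}, suspend and reset credentials")
```

Counting recipients rather than messages catches the account on its third submission in the sample, while the window keeps a customer with a steady legitimate mailing list from being flagged.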

There is a reason you are listed. (5, Insightful)

strredwolf (532) | about a year and a half ago | (#42386685)

There is a reason you are listed:

* You have spam originating from your system for too long of a time.
* You are unresponsive to reports.

So, your entire network range is listed. Everyone is bouncing emails. Everyone is complaining to you, and you've noticed. You've been forwarded the site, and you're contemplating just paying them off... except that it just won't work. You'll be relisted again, and with reason -- someone on your network spammed and nobody's listening.

Thus:

* If you haven't done so, open up abuse@ and point it to somebody with the power to diagnose, disable, and close accounts.
* If the guy behind abuse@ doesn't have said above power, GIVE IT TO HIM.
* If the guy behind abuse@ does, but doesn't use it, FIRE HIM.
* If you haven't done so, disable outbound port 25 at your border router with the exception of an out-bound SMTP server.
* Put an outbound spam filter in place.

If you are unwilling to do the above, then there is one last thing you will eventually do: CLOSE SHOP.

Course of action (1)

gtirloni (1531285) | about a year and a half ago | (#42386699)

1) Determine why you are listed
2) Change your infrastructure to avoid that in the future (port 587, auth, etc)
3) Be patient, watch it work

Net Neutrality (0)

Anonymous Coward | about a year and a half ago | (#42386763)

This is a direct violation of net neutrality laws, at least in the Netherlands. You could take them to court if you live there.
