Beta

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Osirusoft Blacklists The World

timothy posted more than 10 years ago | from the wildcard-matches-for-evil dept.

Spam 947

ariehk writes "As of today, Osirusoft, distributer of the SPEWS and open relay blocklists, among others, is no longer operational. Servers using these lists (including the FTC) are currently rejecting ALL email. This shutdown seems to be in response to a several-week-long DDoS attack on Osirusoft, SPEWS and others, resulting in both sites being down. This has caused much discussion on n.a.n-a.e, including the suggestion that the attack is somehow related to the SoBig worm. The spammers must be hurting if they can devote these kinds of resources to attacking blocklists." Read on below a related submission.

NSXDavid writes "Earlier today our site mysteriously ended up on Joe Jared's Osirusoft SPAM blacklist which is used by lots of antispam software (like SpamAssassin and sendmail). Since he is currently under a serious DDoS attack, there was no way to appeal this decision. We contacted Mr. Jared by phone who informed us that 'everyone needs to stop using Osirusoft and that he's going to be shutting the service down.' Then he says he's going to blacklist 'the world' (aka, ban *.*.*.*) to get his point across. Later on this evening, he apparently went ahead and did just that. Succumbing to lawsuits and DDoS, a once great blacklist is dead. SpamAssassin is removing it from their config in the next release (rc3) and email admins around the globe are reconfiguring their mail servers."

cancel ×

947 comments

Sorry! There are no comments related to the filter you selected.

SCO: The GNAA-Nigerian connection (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#6801548)

Dear Sir/Madam:

I am Mr. Darl McBride currently serving as the president and chief executive officer of the SCO Group, formerly known as Caldera Systems International, in Lindon, Utah, United States of America. I know this letter might surprise you because we have had no previous communications or business dealings before now.

My associates have recently made claim to computer softwares worth an estimated $1 billion U.S. dollars. I am writing to you in confidence because we urgently require your assistance to obtain these funds.

In the early 1970s the American Telephone and Telegraph corporation developed at great expense the computer operating system software known as UNIX. Unfortunately the laws of my country prohibited them from selling these softwares and so their valuable source codes remained privately held. Under a special arrangement some programmers from the California University of Berkeley did add more codes to this operating system, increasing its value, but not in any way to dilute or disparage our full and rightful ownership of these codes, despite any agreement between American Telephone and Telegraph and the California University of Berkeley, which agreement we deny and disavow.

In the year 1984 a change of regime in my country allowed the American Telephone and Telegraph corporation to make profits from these softwares. In the year 1990 ownership of these softwares was transferred to the corporation UNIX System Laboratories. In the year 1993 this corporation was sold to the corporation Novell. In the year 1994 some employees of Novell formed the corporation Caldera Systems International, which began to distribute an upstart operating system known as Linux. In the year 1995 Novell sold the UNIX software codes to SCO. In the year 2001 occurred a separation of SCO, and the SCO brand name and UNIX codes were acquired by the Caldera Systems International, and in the following year the Caldera Systems International was renamed SCO Group, of which i currently serve as chief executive officer.

My associates and I of the SCO Group are therefore the full and rightful owners of the operating system softwares known as UNIX. Our engineers have discovered that no fewer than seventy (70) lines of our valuable and proprietary source codes have appeared in the upstart operating system Linux. As you can plainly see, this gives us a claim on the millions of lines of valuable software codes which comprise this Linux and which has been sold at great profit to very many business enterprises. Our legal experts have advised us that our contribution to these codes is worth an estimated one (1) billion U.S. dollars.

Unfortunately we are having difficulty extracting our funds from these computer softwares. To this effect i have been given the mandate by my colleagues to contact you and ask for your assistance. We are prepared to sell you a share in this enterprise, which will soon be very profitable, that will grant you the rights to use these valuable softwares in your business enterprise. Unfortunately we are not able at this time to set a price on these rights. Therefore it is our respectful suggestion, that you may be immediately a party to this enterprise, before others accept these lucrative terms, that you send us the number of a banking account where we can withdraw funds of a suitable amount to guarantee your participation in this enterprise. As an alternative you may send us the number and expiration date of your major credit card, or you may send to us a signed check from your banking account payable to "SCO Group" and with the amount left blank for us to conveniently supply.

Kindly treat this request as very important and strictly confidential. I honestly assure you that this transaction is 100% legal and risk-free.

Signed, GNAA president

PS. If you have mod points and would like to support GNAA, please moderate this post up.

________________________________________________
| ______________________________________._a,____ |
| _______a_._______a_______aj#0s_____aWY!400.___ |
| __ad#7!!*P____a.d#0a____#!-_#0i___.#!__W#0#___ |
| _j#'_.00#,___4#dP_"#,__j#,__0#Wi___*00P!_"#L,_ |
| _"#ga#9!01___"#01__40,_"4Lj#!_4#g_________"01_ |
| ________"#,___*@`__-N#____`___-!^_____________ |
| _________#1__________?________________________ |
| _________j1___________________________________ |
| ____a,___jk_GAY_NIGGER_ASSOCIATION_OF_AMERICA_ |
| ____!4yaa#l___________________________________ |
| ______-"!^____________________________________ |
` _______________________________________________'

GNAA! (-1, Troll)

Anonymous Coward | more than 10 years ago | (#6801549)

GNAA (GAY NIGGER ASSOCIATION OF AMERICA) is the first organization which
gathers GAY NIGGERS from all over America and abroad for one common goal - being GAY NIGGERS.

Are you GAY [klerck.org] ?
Are you a NIGGER [tux.org] ?
Are you a GAY NIGGER [gay-sex-access.com] ?

If you answered "Yes" to any of the above questions, then GNAA (GAY NIGGER ASSOCIATION OF AMERICA) might be exactly what you've been looking for!
Join GNAA (GAY NIGGER ASSOCIATION OF AMERICA) today, and enjoy all the benefits of being a full-time GNAA member.
GNAA (GAY NIGGER ASSOCIATION OF AMERICA) is the fastest-growing GAY NIGGER community with THOUSANDS of members all over United States of America. You, too, can be a part of GNAA if you join today!

Why not? It's quick and easy - only 3 simple steps!

First, you have to obtain a copy of GAY NIGGERS FROM OUTER SPACE THE MOVIE [imdb.com] and watch it.

Second, you need to succeed in posting a GNAA "first post" on slashdot.org [slashdot.org] , a popular "news for trolls" website

Third, you need to join the official GNAA irc channel #GNAA on EFNet, and apply for membership.
Talk to one of the ops or any of the other members in the channel to sign up today!

If you are having trouble locating #GNAA, the official GAY NIGGER ASSOCIATION OF AMERICA irc channel, you might be on a wrong irc network. The correct network is EFNet, and you can connect to irc.secsup.org or irc.isprime.com as one of the EFNet servers.
If you do not have an IRC client handy, you are free to use the GNAA Java IRC client by clicking here [nero-online.org] .

If you have mod points and would like to support GNAA, please moderate this post up.

This post brought to you by Penisbird [nero-online.org] , a proud member of the GNAA

G_____________________________________naann_______ ________G
N_____________________________nnnaa__nanaaa_______ ________A
A____________________aanana__nannaa_nna_an________ ________Y
A_____________annna_nnnnnan_aan_aa__na__aa________ ________*
G____________nnaana_nnn__nn_aa__nn__na_anaann_MERI CA______N
N___________ana__nn_an___an_aa_anaaannnanaa_______ ________I
A___________aa__ana_nn___nn_nnnnaa___ana__________ ________G
A__________nna__an__na___nn__nnn___SSOCIATION_of__ ________G
G__________ana_naa__an___nnn______________________ ________E
N__________ananan___nn___aan_IGGER________________ ________R
A__________nnna____naa____________________________ ________S
A________nnaa_____anan____________________________ ________*
G________anaannana________________________________ ________A
N________ananaannn_AY_____________________________ ________S
A________ana____nn_________IRC-EFNET-#GNAA________ ________S
A_______nn_____na_________________________________ ________O
*_______aaaan_____________________________________ ________C
um, dolor. Nunc nec nisl. Phasellus blandit tempor augue. Donec arcu orci, adipiscing ac, interdum a, tempus nec, enim. Phasellus placerat iaculis orci. Cras sit amet quam. Sed enim quam, porta quis, aliquet quis, hendrerit ut, sem. Etiam felis tellus, suscipit et, consequat quis, pharetra sit amet, nisl. Aenean arcu massa, lacinia in, dictum eu, pulvinar ac, orci. Mauris at diam tempor ante ullamcorper molestie. Ut dapibus eleifend ipsum. Nam dignissim.

Distributor of Spews? (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#6801556)

I thought Sla$hdot was distributing taco spew?

fp! (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#6801559)

Holy crap!
Fuck did I fail it?

pnd scores first post (-1, Redundant)

Anonymous Coward | more than 10 years ago | (#6801565)

pnd > *
mikex0r mikex0r
qed.

YUO FUX0RING FAIL0R IT SUXAS (-1, Troll)

Anonymous Coward | more than 10 years ago | (#6801703)

yuo am teh sux.

Blacklists and reality (5, Insightful)

Dancin_Santa (265275) | more than 10 years ago | (#6801574)

It may take a little more work, but the only solution to spam is the whitelist.

Re:Blacklists and reality (3, Interesting)

Gherald (682277) | more than 10 years ago | (#6801591)

Will yahoo and hotmail be on that whitelist?

Most of the spam I get comes from those domains, or at least it is spoofed to appear its from there.

Re:Blacklists and reality (0)

Anonymous Coward | more than 10 years ago | (#6801616)

Only whitelist addresses, not domains.

Re:Blacklists and reality (1)

Gherald (682277) | more than 10 years ago | (#6801627)

At a personal or server level?

Re:Blacklists and reality (2, Insightful)

Anonymous Coward | more than 10 years ago | (#6801658)

Personal level for personal contacts. e.g. friend@ISP.com, buddy@webmail.com

Server level for business contacts. e.g. client@companyA.com, consultant@companyB.com

It should be easy enough to whitelist all of your friends. Phone contacts are very easy to perform for business.

Re:Blacklists and reality (1)

Gherald (682277) | more than 10 years ago | (#6801700)

Then how could someone post their e-mail on a website or forum and expect others to be able to reach them?

Preemptive whitelisting is usefull for making sure messages do not get wrongly classified as spam by a filter, but I do not see it as being a workable solution to everything.

Re:Blacklists and reality (1, Interesting)

Anonymous Coward | more than 10 years ago | (#6801734)

Lots of sites already do this, actually. Well, not the whitelisting, but an "email address on the website" alternative. Just use a modified form of forum software where instead of the messages getting posted onto the website, you get it posted to a personal spool where it can be retrieved at any convenient time. If the message poster wants to have a return email, they can whitelist the website owner and put their email in their message. It's a workable authentication scheme.

The main problem would be that a determined spammer could post messages at will to a board, but that situation really isn't any different from the current situation where spammers can send emails at will to anyone.

Re:Blacklists and reality (1)

Gherald (682277) | more than 10 years ago | (#6801773)

Still, whitelisting complicates things without effectively solving the problem. It would be like not being able to put your telephone number on a business card.

SMTP is really what needs to go. But that will take years, perhaps a decade.

Re:Blacklists and reality (4, Insightful)

Zeinfeld (263942) | more than 10 years ago | (#6801656)

Will yahoo and hotmail be on that whitelist? Most of the spam I get comes from those domains, or at least it is spoofed to appear its from there.

The vast majority of spam is sent with some form of false address. Developing a way to be able to trust the origin of email is the way to end the spam crisis.

This type of action does not surprise me. SPEWS and the other blacklists are poor solutions to spam because they are in effect private censorship with no accountability. They are also single points of failure for the Internet as today's episode proves.

The backwash caused by this event was huge. It wasn't just spews and spews users who were affected, the load on the backbones was causing severaql nets to brown-out repeatedly.

It is just as well that we did not have as many idiotic 'hack-back' schemes in operation as some have been calling for.

Re:Blacklists and reality (2, Insightful)

lpontiac (173839) | more than 10 years ago | (#6801798)

Developing a way to be able to trust the origin of email is the way to end the spam crisis.

PGP and S/MIME allow you to trust the origin of email. Both have been around for years

Re:Blacklists and reality (5, Insightful)

WolfWithoutAClause (162946) | more than 10 years ago | (#6801592)

What happens when the spammers start using worms and viruses to create open relays on people you trust?

Re:Blacklists and reality (0)

Anonymous Coward | more than 10 years ago | (#6801629)

Optimally, you'd have a manageable list of users so that you could identify the problem and notify them as soon as you notice that something is wrong.

Do we have such a big problem with this kind of thing now?

Re:Blacklists and reality (5, Insightful)

Pig Hogger (10379) | more than 10 years ago | (#6801659)

Whitelists are unworkable. How do you reach someone for the first time?

Re:Blacklists and reality (0)

Anonymous Coward | more than 10 years ago | (#6801682)

I don't want you reaching me if you don't know me.

If you know me, you already know how to get in touch with me.

Wrong (1)

quinkin (601839) | more than 10 years ago | (#6801670)

Whitelist just changes the parity of the information.

A DDoS attack will just as effectively block a whitelist as a blacklist - leaving you in the same information void as currently.

If you meant only that it will help avoid future lawsuits you may be correct.

Q.

Re:Blacklists and reality (1)

geordie (258181) | more than 10 years ago | (#6801690)

The only solution to spam is to stop the spammers.
Everything else is just a bandaid which will eventually be circumvented.

I agree (0)

Anonymous Coward | more than 10 years ago | (#6801701)

The only solution to spam is to stop the spammers.

How do you propose to do that, Einstein?

Re:I agree (1)

geordie (258181) | more than 10 years ago | (#6801763)

I only said that it was the solution.... not that I had the means or ability to implement the solution.
If I could stop the spammers I would be a very happy person ( and probably a pretty popular one too)

Re:I agree (0)

Anonymous Coward | more than 10 years ago | (#6801777)

We don't need means and ability here, we can get plenty of that. What we need are ideas.

Why do you think a whitelist wouldn't work?

Re:Blacklists and reality (0)

Anonymous Coward | more than 10 years ago | (#6801705)

What happens when spammers spoof the addresses of common mailing lists and email addresses of major sites? If spammers start forging spam with return addresses such as "orders@amazon.com", basically we're screwed.

Well, fine, but... (4, Insightful)

Pig Hogger (10379) | more than 10 years ago | (#6801576)

Well, this is fine, but why doesn't Joe Jared tels us HIMSELF to stop using his lists???

The non-communication only breeds rumours.

Re:Well, fine, but... (2, Funny)

Anonymous Coward | more than 10 years ago | (#6801594)

You wouldn't receive the email. Duh.

Re:Well, fine, but... (1, Funny)

Anonymous Coward | more than 10 years ago | (#6801615)

what the hell do you think a "*" entry to 127.0.0.2 for all zones, that reports "Please stop using relays.osirusoft.com" means?

Re:Well, fine, but... (1)

gorbachev (512743) | more than 10 years ago | (#6801689)

He did, several weeks ago.

ya (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#6801578)

5th post biatches!

ouch! (2, Interesting)

Anonymous Coward | more than 10 years ago | (#6801579)

long live whitelisting [spamgourmet.com]

Sweet, Sweet Justice. (5, Insightful)

eyez (119632) | more than 10 years ago | (#6801581)

This isn't any different from any time spews blacklists anybody; They've never claimed to not blacklist legitimate people. And, it's impossible to contact spews to get yourself removed if unfairly blacklisted. Everyone in the world, who has been blacklisted unfairly by spews is now celebrating. Hopefully now, people using spews will realize that spews really is a poor solution to the problem, that causes more harm than it prevents.

Slashdot Censorship (-1, Troll)

Anonymous Coward | more than 10 years ago | (#6801604)

Why was this moderated down? It is a fair expression of opinion.

Oh well, /. moderation continues to be used as a tool of censorship rather than a tool of improving the quality of content.

Re:Slashdot Censorship (0)

Anonymous Coward | more than 10 years ago | (#6801649)

"w30wnzj00.com" ? Sounds like troll...

Re:Slashdot Censorship (1)

empurium (198437) | more than 10 years ago | (#6801688)

Sounds like you should actually LOOK at w30wnzj00.com.

Re:Slashdot Censorship (0)

Anonymous Coward | more than 10 years ago | (#6801745)

But if I try to look at it
they might be able to 0wnz my box!

Re:Slashdot Censorship (0)

Anonymous Coward | more than 10 years ago | (#6801803)

Install OpenBSD first ;)

Re:Sweet, Sweet Justice. (4, Insightful)

paitre (32242) | more than 10 years ago | (#6801613)

Collateral damage, as much as I detest it and is why I do all blocks locally as opposed to using a "published" DNSBL, -works-.
If an ISP has 5000 customers and 3/4 of them are unable to email family at AOL or Yahoo because they're being blocked due to ISP having a spammer or two, the spammers tend to get dropped.
There are exceptions to this, but by and large, collateral damage works.

And like I said, I think it's piss poor policy.

Re:Sweet, Sweet Justice. (5, Insightful)

eyez (119632) | more than 10 years ago | (#6801639)

[i]If an ISP has 5000 customers and 3/4 of them are unable to email family at AOL or Yahoo because they're being blocked due to ISP having a spammer or two, the spammers tend to get dropped.[/i]

Yes, this is indeed a poor policy. SPEWS exists so that the people who are violently against spam can pass the burden of fighting it onto the innocents who aren't as bothered by it.

Re:Sweet, Sweet Justice. (1)

mungtor (306258) | more than 10 years ago | (#6801679)

SPEWS exists so that the people who are violently against spam can pass the burden of fighting it onto the innocents who aren't as bothered by it.

amazingly succinct. If I had mod points, they'd be yours.

Re:Sweet, Sweet Justice. (1)

Acidic_Diarrhea (641390) | more than 10 years ago | (#6801645)

I believe the point the grandparent was alluding to was the fact that once on a blacklist, there is no way to get a domain off a blacklist. So an ISP would root out the spammers and not allow them as customers any longer but then you're still left with a situation where 3/4 of the customers can't contact family at AOL or Yahoo. Blacklists work but, thus far as an implementation, the colleteral damage cannot be corrected.

Re:Sweet, Sweet Justice. (5, Insightful)

gid (5195) | more than 10 years ago | (#6801617)

spews listens to usenet for unblock requests, my work's class c was black listed when we got it. I had to post to usenet, eventually I got a response and was unblocked, but ya, it's kind of a pain. I think spam assassin/filtering is a much better method, but I suppose a dual pronged attack is better, SA can use blacklists to rate email as well I think....

Re:Sweet, Sweet Justice. (1)

Felinoid (16872) | more than 10 years ago | (#6801758)

Thats not helpful to people who don't know they can be reached by usenet (a very strange way to make contact with a single entity you must admit) and even worse for anyone who dosen't know what usenet is.

Re:Sweet, Sweet Justice. (4, Insightful)

Daniel_Staal (609844) | more than 10 years ago | (#6801678)

No, it is different. This one is shutting down, and this is how the operator is making sure that everyone knows it is no longer functional.

It is a public service, of sorts. He is guaranteeing that no one is using the blacklist. That way it can't be misused by someone hijacking it, or just left in place by someone who doesn't care. It is shut down. And everyone will know it.

Re:Sweet, Sweet Justice. (2, Insightful)

Mr Bill (21249) | more than 10 years ago | (#6801764)

And how is this a responsible way of alerting people they should stop using the blacklist???? Anyone using there blacklist will automatically start bouncing all incoming mail based on the fact that every mail server is listed in the blacklist...

This means even more legitimate mail is being bounced or dropped than normally is by mail servers stupid enough to use SPEWS. SPEWS sucks and needs to disappear.

Although I don't agree with the tactics of a DDos, I am happy they are getting a taste of their own medicine.

SPEWS is all about getting other people to fight their battles for them. The are a bunch of fanatics that don't care who they stomp on and anyone who trusts their services should have their head examined.

Good riddance...

Re:Sweet, Sweet Justice. (1)

steeviant (677315) | more than 10 years ago | (#6801761)

Amen to that, Joe Jared is an egomanical cowboy who manipulated the blacklists for personal reasons, goodbye to him and his invitation-only approach to e-mail.

Re:Sweet, Sweet Justice. (0)

Anonymous Coward | more than 10 years ago | (#6801767)

getting 0wn3d is funny!

epilepsy, sweet music, bush, cheney, lieberman, and some other d00d dancing, and some other d00d shaking hands with the k00l-aid mascot! what else could you want?!

JEFF K wins again! (1, Interesting)

Anonymous Coward | more than 10 years ago | (#6801584)

I guess Jeff K [somethingawful.com] and Jerry, with their 1337 h4x0r 5|!11z, have finally retaliated for the blacklisting of somethingawful.com. G

Hmmm..... (-1, Redundant)

Anonymous Coward | more than 10 years ago | (#6801585)

It sounds like we need to start implementing white lists more often.

bunghole (-1, Troll)

Anonymous Coward | more than 10 years ago | (#6801588)

gnaa reccomends anuses cheeses

Whoa (3, Interesting)

josh crawley (537561) | more than 10 years ago | (#6801595)

I'm glad I read this; I got a bounce message earlier saying one of my emails was blocked due to our corp. mail server being blacklisted by relays.osirusoft.com, and I drove myself just about mad trying to figure out how or why.

blah blah hate spam blah blah (-1, Flamebait)

Anonymous Coward | more than 10 years ago | (#6801596)


We all know that SMTP is broken and spam will simply grow exponentially until i6ts unusable ( over 50% of all email is spam/uce and thats right now in less than 5years, imagine 10years time)
but no one wants to step up to the plate and actually implement an alternative

dont complain you are bleeding when banging your head against the wall

No Spam.. (-1, Redundant)

Anonymous Coward | more than 10 years ago | (#6801603)

No Spam is good spam :D

now where did that incoming email from the president go....

Fucking SPEWS (-1, Redundant)

Anonymous Coward | more than 10 years ago | (#6801614)

I hope they burn in hell

Speaking of blacklisting... (0, Offtopic)

Naysayer (71120) | more than 10 years ago | (#6801622)

It's August 27th... why isn't Slashdot showing the protest page [ffii.org] , huh?

Re:Speaking of blacklisting... (0)

Anonymous Coward | more than 10 years ago | (#6801638)

Its still August 26th in the real world, friend.

w00t (0)

Anonymous Coward | more than 10 years ago | (#6801623)

Ding dong the witch is dead!

Well, (2, Insightful)

Sebby (238625) | more than 10 years ago | (#6801626)

I never found osirusoft to be too reliable, or accurate in the past (it usually had sites listed as 'spammers' that weren't while all other services didn't list those sites, and there didn't seem to be any appeals process to their own list), so I'm tempted to say 'good riddence', but obviously putting it (and others) out of commission is not a good thing.

Good riddance to bad rubbish (5, Interesting)

Sebastard (142754) | more than 10 years ago | (#6801628)

My co-located server has been blacklisted by SPEWS for months now. And it's only because of a spammer elsewhere on my two-providers-up-the-chain regional ISP. And the spammer is on a different C-class entirely, yet my IP range was still included as punishment to the ISP. The fact that I suffer as a result doesn't matter to these people. Changing providers is not an option for me at this point (long story) so I've just had to live with it. I can't email several friends, and regularly field complaints from people who host on my server.

I believe in fighting spam, and I think that blacklists are a good idea to a certain degree, but I've always felt that SPEWS was too draconian, and had no option for recourse for those of us who were (as they put it) "collateral damage".

I posted to the referred newsgroup a few times, and got nothing but venom from the locals.

I'm not sad to see them go.

Re:Good riddance to bad rubbish (1)

Kishar (83244) | more than 10 years ago | (#6801702)

I posted to the referred newsgroup a few times, and got nothing but venom from the locals.

That's all you'll ever get there, and that's why SPEWS makes that their only means of contact. They want you to get flamed to death as further punishment.

Monopoly (5, Insightful)

yerricde (125198) | more than 10 years ago | (#6801755)

They want you to get flamed to death as further punishment.

"Switch ISPs." So if a major residential cable modem ISP's mail server gets blacklisted, then how is anybody in any of the towns serviced by that cable company supposed to send e-mail to users of ISPs that use SPEWS?

Re:Good riddance to bad rubbish (1)

tomstdenis (446163) | more than 10 years ago | (#6801769)

Not only that but SPEWS [et al.] are optional. I run my own SMTP/POP3 and I simply blacklist IPs manually from abusers [e.g. virus, spammers, etc.].

Ya I still get spam and viruses sent to my box but once I ban their IP [or class C] I never have to hear from them again.

Doing so manually I think is a bit better than letting others pick and choose what to bam. In this case SPEWS is just poorly maintained and could cost business.

Tom

sad news, but there are alternatives (5, Informative)

Indy1 (99447) | more than 10 years ago | (#6801630)

For mail admins around the world try these alternatives.

bl.spamcop.net
one of the best blacklists, it catches a huge % of incoming spam, and virtually no collateral damage.

blackholes.easynet.nl
almost as good as spamcop, and seems to nail a lot of the spam hauses

dynablock.easynet.nl
nukes a lot of the dsl and dialup spammers

argentina.blackholes.us
south american country, what more needs be said ? : )

brazil.blackholes.us
ditto

cn-kr.blackholes.us
china and korea, what more need be said ? : )

turkey.blackholes.us
whole lotta spammers here

sbl.spamhaus.org
a bit too conservative for my tastes, but gets a lot of spam gangs, and has very low collateral damage

bl.reynolds.net.au
if you want to use the spews list, this provides a feed for it

malaysia.blackholes.us
another spammy asian country

wanadoo-fr.blackholes.us
one of the worst european isps

hongkong.blackholes.us
another spammy asian country

Re:sad news, but there are alternatives (0)

Anonymous Coward | more than 10 years ago | (#6801756)

You are a moron. Just because spam comes from other countries there is no reason to blacklist all of their IPs. I get more spam from the United States than from my own country (Brazil).

Re:sad news, but there are alternatives (1)

Czmyt (689032) | more than 10 years ago | (#6801768)

I recommend bl.spamcop.net also although it costs money to use it for business purposes.

matrix.net (1)

bucketoftruth (583696) | more than 10 years ago | (#6801631)

Due to all these viri and ddos's over the last month the reachability index [matrix.net] at xaffire has been pretty rocky. Fun to watch though.

Garbage (5, Insightful)

josh crawley (537561) | more than 10 years ago | (#6801632)

I'm sorry, but this guy is a true blue asshole. My condolences for being DDoSed, but by banning "the world" to try to tell people to stop using his service ASAP, plenty of legitimate non-spam email got blocked, meaning that people may have to resend, and in some cases may not even know their email was missed. That's worse than spamming, people.

Oh, I forgot, the standard propaganda line from these SPEWS.ORG type anti-spam fundamentalists is "we didn't block your email, the ISP using our service did, blame them."

I love spews (0)

Anonymous Coward | more than 10 years ago | (#6801666)

My equipment, my rules. Don't like it? tough shit, you damn spammer.

Re:I love spews (0)

Anonymous Coward | more than 10 years ago | (#6801697)

You are stupid.

SPEWS blacklists innocent people and people who would have to spend hundreds or thousands of dollars to move to non-spammer ISP's. Low-budget sites can't do that everytime a spammer happens to sneak onto an ISP's network.

Re:Garbage (1)

secolactico (519805) | more than 10 years ago | (#6801787)

"we didn't block your email, the ISP using our service did, blame them."


And he does have a point. The blame is entirely on the admin that set up SPEWS as a blocking option. Why trust a third party to maintain your blocklist out of the kindness of their heart?

I'd much rather pay for it. That way, there's a contractual obligation. Accountability is a must in the business world.

However, the only policy I disagreed with SPEWS was the anonymacy (sp) one. While I understand the reasons behind it, I can't quite trust a provider that gives no appeal resource and the removal instruction are far too vague (post a message in a newsgroup and hope for the best).

Well, I guess they'll be picked up by another dsbl provider.

So what DO we do? (5, Interesting)

RealisticWeb.com (557454) | more than 10 years ago | (#6801637)

I would like some serious talk about just what exactly we ARE supposed to do about spam. Government moves too slow to pass an effective law, and the spammers don't abide by the law anyway. Filters don't work effectivly, blacklists are not working either apparently. Does anyone have a usefull suggestion about how to fix this problem?

One idea I've had (or maybe I've heard it somewhere else, I can't remember) is authorization. Change the protocol, or maybe just implement at server, so that before anyone can send you an email they have to request permission. In that request they would identify themselves, and before they start emailing you stuff you would have to send them back permission. Anyone that is in your contact list would automatically be given permission. If it turns out to be spam you could revoke permission. Also analyze the email header and do reverse lookup to see if the domain names resolve properly. If a domain is spoofed, deny it automatically.

Perhaps this has been done before, and I'm sure there are flaws, but I am tierd of hearing about how big a problem this is, without hearing any good ideas about fixing it. Any other thoughts?

Re:So what DO we do? (1)

Basehart (633304) | more than 10 years ago | (#6801720)

When you waste time every day going through the spam that got through your IPS's filters, and your own filters, deciding what is, and what is not actually spam, you are effectively doing what you suggest in paragraph two of your post, namely wasting time going through your mail and deciding what is, and what is not actually spam. The only difference is you would have to notify the non-spammer that you did indeed want them to send you some mail, and how would they know you weren't them spamming them?

Re:So what DO we do? (1)

Basehart (633304) | more than 10 years ago | (#6801733)

IPS should read ISP. Ok, ok, I didn't use the Preview button just this one time and see what happens!

Bayesian Filtering (5, Interesting)

someguy456 (607900) | more than 10 years ago | (#6801648)

I can't completely describe my satisfaction with Bayesian filtering. I've been using SpamBayes [sourceforge.net] for a few weeks w/ Outlook (please don't smite me), and it hasn't let me down. I have received absolutely no spam in my inbox these last couple of weeks. Granted, I built up a collection of >500 unwanted e-mails, but it only took a couple of days :)

blacklists -- bah! (2, Interesting)

jxliv7 (512531) | more than 10 years ago | (#6801650)

Having never been a fan of blacklists, it's good to see one fail.

A blacklist is like the death penalty -- there is no 100% surefire positive no-mistakes without prejudice way to protect the innocent.

Look at the results of blacklists as similar to the casualties produced in a war -- you may kill a good many of the enemy, but how many of them were civilians?

Re:blacklists -- bah! (3, Insightful)

gorbachev (512743) | more than 10 years ago | (#6801715)

If you learn anything by past occurances, all this means is that the next generation of blocklists will be even more BOFHish.

That has been a consistent development since MAPS RBL became d***less. Every single blocklist that followed another one that went down, was more strict than the one it replaced.

Whoever is doing the DDOSing the nameservers of SPEWS and osirusoft is pretty achieving nothing in the end.

SPEWS was shit (1, Insightful)

Anonymous Coward | more than 10 years ago | (#6801655)

It's nice that they tried to fight spam, but when your lists interfere with legitimate business, it's time to back down.
Assholes.

perhaps this is a lesson that needed learned (5, Interesting)

Cogneato (600584) | more than 10 years ago | (#6801660)

As someone who was blocked by both osirusoft and spews as part of their policy of blocking entire IP blocks, I feel no pity for them or for those who use them. In fact, I hope that at least some of them are learning their lessons.

The IP address of my server happened to fall a few dozen numbers away from that of a spammer. As a result, it cost me thousands of dollars in lost time and expenses to track down the issue, contact my isp and have them contact whoever it is on Mt. Self-Righteousness that takes you back off the list. Getting on the lists takes day(s), while getting off the lists takes weeks.

Blocking entire IP blocks is nothing short of techie-terrorism. In other words, you can't convince the real wrong doers to stop, so you harm the innocent bystanders to try to get them to revolt.

SPEWS and those that support them point the finger at the ISP while purposely hurting innocent small businesses like mine. It's time they take responsibility for the tools they provide, and in this way, they are no different than Microsoft.

Re:perhaps this is a lesson that needed learned (2, Insightful)

Todd Knarr (15451) | more than 10 years ago | (#6801735)

How about, instead of contacting your ISP to get you off the list, you contact them about not allowing spammers on their networks in the first place and/or terminating their accounts before the spammer lands the ISP and their customers on a blacklist?

Online intimidation... (2, Informative)

stevens (84346) | more than 10 years ago | (#6801665)

This could turn into the same sort of gang-induced protection rackets as in meatspace. What would a company or individual do if a cracker group sent them an email saying, in effect, "Do $this or you're off the net."

It's hard to see a good technical solution for this. It's a tort--and possibly assault---like any other physical intimidation tactic, and will probably only stop if legal means are brought to bear.

Unfortunately, tort suits are hard to press across continents.

who said the osirusoft list was dead? (0)

Anonymous Coward | more than 10 years ago | (#6801672)

isn't it fairly obvious that Joe simply wants legitimate clients to stop using the zones immediately, so that he can see who the gits doing the DDoS are?

TXT Record. (1)

shird (566377) | more than 10 years ago | (#6801673)

> set querytype=TXT

> 1.2.3.4.relays.osirusoft.com
Server: x.x.x.x
Address: x.x.x.x

Non-authoritative answer:
1.2.3.4.relays.osirusoft.com text = "Please stop using relays.osirusoft.com"

Authoritative answers can be found from:
osirusoft.com nameserver = ns4.osirusoft. etc...
>

Personnaly, Ive never liked blacklists that much. A whitelist system, combined with HashCash to allow people youve never contacted to get on your whitelist is the most ideal solution. The use of HashCash means spammers can't bulk mail millions of people to get on their whitelist, but it is very easy for someone to get on a few peoples whitelist at a time. The guys over at 'camram.org' are working on such a system. I think Microsoft is working on something called 'penny black' or something which does something similar.

Darl responds (-1, Flamebait)

BigFootApe (264256) | more than 10 years ago | (#6801676)

Hah! All you plotters in the Open Source conspiracy will never tell your lies to the FTC! SCO is on a divine mission, supported by God and the American Way! No one may get in our path!

-- "Baghdad" McBride

I got more spam than normal today (1)

bersl2 (689221) | more than 10 years ago | (#6801685)

It's weird... 3x the amount... I got four messages in ten minutes at one point...

good. (0)

Anonymous Coward | more than 10 years ago | (#6801692)

Couldn't have happened to a better registry.

All I know is that every time I had a system
listed with them, I was unable to get it removed
in a timely fashion. Even if the problem
had been resolved.

I remember one time, a client with groupwise called. THey were listed, but they weren't actually relaying. THe server was misconfigured so it took everything it was given, then rejected it later. But even after the problem was fixed, I still couldn't get them off it. THe scripts for testing would always time out, etc.

Maybe it wasn't a spammer that DOSed them. Maybe it was just a pissed off admin that couldn't get de-listed!

trusted signing of mail servers (4, Insightful)

d00dman (653178) | more than 10 years ago | (#6801706)

The coolest way we could stop spam from being distributed is to require mail servers to register with a trusted signer, and do the delivery over ssl. anyone distributing spam via a trusted mailhost would be promptly identified by their ssl signature, and anyone sending mail from an untrusted source could be rejected. there is already enough infrastructure in place for this to occur now. verisign and friends as trusted signers, and smtp-ssl. the only other thing required is the will to put it to work.

Quick Workaround (SpamAssassin) (2, Informative)

Anonymous Coward | more than 10 years ago | (#6801708)

In your prefs file:

score X_OSIRU_OPEN_RELAY 0
score RCVD_IN_OSIRUSOFT_COM 0
score X_OSIRU_DUL 0
score X_OSIRU_SPAM_SRC 0
score X_OSIRU_SPAMWARE_SITE 0
score X_OSIRU_DUL_FH 0

Everything's gonna be all right.

Not going to miss it (1)

_narf_ (21764) | more than 10 years ago | (#6801718)

I once got modded down for saying this, and I'll risk it again. SPEWS rots... good riddance... their policies have always been irresponsible, and offer no reasonable notification or means to dispute a listing.

I'm a happy user of many other RBL style lists... but this one I would never have touched with a 10 foot pole, and I always advocated others do likewise.

Hopefully this final anti-social act of theirs ensures their complete demise.

Mod away....

Maybe it wasn't a DDoS attack (2, Funny)

Yeah-or-something (680196) | more than 10 years ago | (#6801722)

SPEWS probably only had about 2 or 3 IPs left that weren't blacklisted anyway.

Jared blacklists the world? (0)

CPgrower (644022) | more than 10 years ago | (#6801723)

Does this include www.subway.com ?

NNTP (3, Insightful)

poptones (653660) | more than 10 years ago | (#6801731)

I can't resist pointing out that p2p would be an ideal carrier for such "blacklists." Of course, that means the only way anyone is going to make money from it is via donation... and probably not even then, if the lawyers have their way with the author.

I'm willing to bet the big news carriers would give an account to any legitimate operators of such a service. Sign every post from trusted list creators with a public key to ensure validity, and it would be nearly impossible to ddos the service.

Ooooh... what about making the list itself a p2p app? Perhaps this could be a great excuse to motivate some big corps to install some freenet nodes...

little help here? (2)

JeanBaptiste (537955) | more than 10 years ago | (#6801732)

im not in charge of the servers. im just a programmer. my boss is in charge of our 5 servers. i know for a fact one of them is currently being used as a spam relay. its exchange 5.5 on NT.... the reason i suspect this is that there is a large amount of outbound messages rejected, being sent during non-working hours. I shudder to think of the messages that are getting through compared to my reject log.

well im not in charge of the servers, it took several days to convince my boss that there was a problem, several more for him to understand how much this problem sucks...

so if you could tell me how to secure my(bosses) server i would greatly appreciate it... (and yes, i understand linux would not have this problem but that is not an option right now)

i dont want to get blacklisted. the economy sucks enough right now.

Thanks.

Re:little help here? (0)

Anonymous Coward | more than 10 years ago | (#6801757)

Are you sure those 'reject' messages aren't just bounced SoBig virus messages? The virus fakes the return address so that if the message doesnt get through, it bounces back to whoevers address it forged, which in some cases may be yours.

My Postfix Logs (4, Interesting)

Alowishus (34824) | more than 10 years ago | (#6801742)

I run a Postfix setup which uses Osirusoft as one of its blacklists, and going through my maillogs I see that the RBL was unresponsive early on the 24th, and then started answering again later in the day. It was down the 25th and most of the 26th, until it briefly came on and started answering only some of the requests with "blocked using relays.osirusoft.com, reason: Please stop using relays.osirusoft.com". But it wasn't rejecting everything as the 2nd article says - just a subset of our mail. The rejects might even have been legitimate blacklisted IPs - perhaps they just changed the rejection message so admins would see it in their logs?

Additionally Postfix is a smart enough MTA so that during the RBL downtime it didn't reject any mail - the default behavior is to deliver if the RBL can't be contacted.

How *do* we fight spam? (5, Interesting)

michellem (110855) | more than 10 years ago | (#6801748)

Having been myself unfairly blacklisted (not by Spews, but by another list) because of the actions of my ISP, I really have come to have serious issues about the blacklisting process. I understand the principle - get innocent bystanders pissed off at their ISPs, then have them complain to their ISPs, or switch ISPs, and then ISPs change their behavior.

The problem is that many people, for a variety of reasons (geography being one) can't change ISPs, and many ISPs (mine included) did nothing in response to my complaints (because they knew I wasn't going to move). So what does this do? It certainly doesn't help anyone!

I hate spam as much as the next gal, and I think that the SpamAssassin approach (which is to label mail as spam depending upon certain criteria) is a much, much better approach than blacklisting.

Oh, that's great (5, Funny)

El Cubano (631386) | more than 10 years ago | (#6801776)

This shutdown seems to be in response to a several-week-long DDoS attack on Osirusoft,

They guy is dealing with a huge DDoS attack and we link his page from the front page of /. ??

I guess we can't make things any worse, but come on. Give the guy a break.

Written in dust on the e-mail system (1)

hackwrench (573697) | more than 10 years ago | (#6801780)

FIX ME!

temporary SpamAssassin fix (4, Informative)

merlyn (9918) | more than 10 years ago | (#6801781)

Until SA gets updated, you can add this to your local or global config to ensure that Osirusoft is never used:
score X_OSIRU_OPEN_RELAY 0.0
score X_OSIRU_SPAMWARE_SITE 0.0
score X_OSIRU_DUL 0.0
score X_OSIRU_DUL_FH 0.0
score X_OSIRU_SPAM_SRC 0.0
If I'm reading the default configuration correctly, the first two of those checks are non-zero only when relay checking is enabled but bayes is disabled, but you might want to use this entire list just in case.

This have anything to do with changes at Spamhaus? (2, Interesting)

Alowishus (34824) | more than 10 years ago | (#6801796)

I recently saw a copy of this email from the Spamhaus project saying that they would no longer be making their blacklist available through other 3rd parties such as Osirusoft. Perhaps this sparked the shutdown of the Osirusoft project?

Date: Wed, 6 Aug 2003 18:42:07 +0100
From: Steve Linford
To: nanog@merit.edu
Subject: SBL soon only from sbl.spamhaus.org

If you currently use the SBL by querying the master zone
sbl.spamhaus.org then you can ignore this message.

If you are using the SBL via 3rd party composite DNSBLs and not
directly from sbl.spamhaus.org, then please read this as the
following change affects your DNSBL setup.

For a long time the SBL has been available either directly from
Spamhaus (as sbl.spamhaus.org) or via 3rd party composite zones such
as relays.osirusoft.com (as spamhaus.relays.osirusoft.com) and
blackholes.easynet.nl which import SBL data from Spamhaus. This
distribution is now changing. In order to better manage SBL
logistics, DNSBL zone and query traffic, from Monday 11 August 2003
the SBL should only be available from sbl.spamhaus.org.

The fact the SBL was available from multiple DNSBLs was causing some
confusion, plus other small factors (such as the different zones
having different build times - which for example meant that we'd tell
someone an IP had been removed, but they'd contact us a few hours
later to say it was still blocked), plus the likely emergence of
further composite lists which may add confusion, meant that it was
time to make a change now rather than in a year or two.

So, if you are not using sbl.spamhaus.org but would like to continue
using the SBL, please add sbl.spamhaus.org to your mail server's
DNSBL list.

--
Steve Linford
The Spamhaus Project
http://www.spamhaus.org
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?
or Connect with...

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>