Spam Blocking/extortion

[HarryD]

Hello friends,

As a service to my fellow PCA Chapter members, I send a periodic e-mail remonder about upcoming events. In my last message, I recieved the following automated response from several of the member ISP's:

"Permanent Failure:
550_Service_unavailable;_Client_host_[204.127.198.35]_blocked_using_dnsbl.sorbs.
net;_Spam_Received_See:_http://www.dnsbl.sorbs.net/cgi-bin/lookup?IP=204.127.198
.35"

When I went to the url shown, the fellow running the site has, by some means determined that my ISP is related to spamming and would remove them from the list if they donate $50/spam received to a charity of their choice. While quite noble, the potential for abuse is very high.

I guess this is another case of someone trying to fix one problem by punishing the innocent!

[RickM]

Harry, How do you send? Do you use a bulk mailing utility? If so this would be a trigger for spam detectors.

[HarryD]

Quote:

Originally posted by RickM
Harry, How do you send? Do you use a bulk mailing utility? If so this would be a trigger for spam detectors.

I just send my e-mail via my normal e-mail program (Outlook 98). I have a list of about 500 persons and send it out in 50 person batches.

This is the SORBS database entry:

"204.127.198.35 found in Database of servers sending to spamtrap addresses

Address or Block 204.127.198.35 / 32

Description Subject: * PLEASE KINDLY ASSIST ME

Entry Created Sun Nov 30 18:21:42 2003 GMT

Entry Last Seen Sun Nov 30 18:21:42 2003 GMT

Spam Seen From 204.127.198.35 "

From the looks of this, it would seem that over time every ISP potentially will be listed by these fellows.

[emcon5]

What is happening is your ISP has a poorly configured mail server, acting as an open mail relay. Usually, a server is set up to deliver mail into or out of a domain. Either the sender or a recipient is a user on the system.

An open relay will accept mail from and deliver mail to users outside the domain of the server. This is how most spam is sent.

As a way of preventing spam, some companies subscribe to a service that blacklists open relays, and refuses any mail from a server that is an open relay.

If your ISP doesn't have an open mail relay, they don't get blacklisted. As I understand it, they only get reported to a blacklist company, if they have sent spam and someone complains. It is likely that some of the penis enlargement/refinance/viagra/Paris Hilton sex videos that have been filling up my spam filter (about 8900 since Monday morning) came from your ISP.

You need to complain to your ISP. This is their problem, not yours, and they should fix it.

The $50 thing is a little wierd. Most of the time, you just fix the open relay, and notify the blacklist and they remove you.

Tom

[HarryD]

Tom,

I would think that would be the case, but this particular Spamblocking "service" does not show the issue as an open relay. And yes, I did complain to my ISP (Comcast).

This is a copy of their report on the rejected URL:

"Open HTTP Proxy Server Database [204.127.198.35] No entry found No detail

Open SMTP Relay Server Database [204.127.198.35] No entry found No detail

Open SOCKS (v4 or v5) Server Database [204.127.198.35] No entry found No detail

Misc Open Proxy Server (eg: Wingate/AnalogX) Database [204.127.198.35] No entry found No detail

Database of servers sending to spamtrap addresses [204.127.198.35/32] Found in Database [Active] [Secure]

Database of vulnerable/hacked web servers [204.127.198.35] No entry found No detail

Zombie Networks (Netblocks dis-used and/or hijacked) [204.127.198.35] No entry found No detail

Dynamic IP Space (Cable, DSL & Dial Ups) [204.127.198.35] No entry found No detail

Networks not check & blocked at the request of respective network admins [204.127.198.35] No entry found No detail "


Like I said in my first post, how this appears to work is: someone in your domain sends a spam type message to one of their "spamtraps", they decide it is spam and now want "extortion" to be removed from the database. Since they are in Austrialia, legal pursuit is not a very effective option so what do you do?

Yes, I detest spam but I also detest those that solve the problems by creating a larger one with a greater potential for abuse.

[emcon5]

Quote:

Originally posted by HarryD

Like I said in my first post, how this appears to work is: someone in your domain sends a spam type message to one of their "spamtraps", they decide it is spam and now want "extortion" to be removed from the database. Since they are in Austrialia, legal pursuit is not a very effective option so what do you do?

Yes, I detest spam but I also detest those that solve the problems by creating a larger one with a greater potential for abuse.

I went and poked around their page, and you are absolutely right.

Pretty lame.

Tom

[pwd72s]

Lots of ISP's in Portland Harry. This makes you lucky. Down here in little ol' Lebanon, the selection gets much smaller because with many, on line time is long distance toll time. Broadband at $50 per moon is starting to look better to me...

[HarryD]

Quote:

Originally posted by pwd72s
Lots of ISP's in Portland Harry. This makes you lucky. Down here in little ol' Lebanon, the selection gets much smaller because with many, on line time is long distance toll time. Broadband at $50 per moon is starting to look better to me...

Yeah, don;t I know it. I am using Comcast Broadband. To aviod these clowns, the easy answer is to go to small ISP that is outside the Comcast servers. However, now I need to pay yet another fee on top of my comcast bill. This really sucks!

What really riles me up is the fact that I now wonder if some of my "lost" e-mails to some of my freinds who never responded were intercepted by these (and those like them) jerks and I didn't even know it.