Stealth Blocking

John Payne john at
Wed May 23 17:15:28 UTC 2001

On Wed, May 23, 2001 at 12:41:52PM -0400, Mitch Halmu wrote:
> On Wed, 23 May 2001, John Payne wrote:
> > If you believe everything you read in slashdot, you're either incredibly
> > naieve or unbelievably clueless.
> Conversely true for anything else you may read. I am not particularily

Like duh.  But I'm willing to give more credence to what the people actually
involved say.

> endorsing any opinions but my own. Yet they seem to have scored with that
> article, judging from the majority of the supportive comments I read.

/.'s supporting you.  OK, thats it, you've convinced me.  Free speach is the
way to go... I'm going to threaten to sue everyone who doesn't listen to
me from now on.

(yeah, right)

> > Just the smallest bit of research in a relevant mailing lists archives
> > would yield the reasons why macromedia was RBL'd and why the listing was
> > removed.  (Macromedia runs unconfirmed mailing lists, mailing lists get
> > people added who don't want to be on the list, people complain to Macromedia,
> > no response, people nominate Macromedia to MAPS, MAPS contacts Macromedia,
> > no response, MAPS adds Macromedia to RBL, Macromedia contacts MAPS, 
> > Macromedia promises to cleanup act, MAPS removes Macromedia from RBL) 
> And you think that justifies the brute force approach? Interestingly, MACR 

What brute force approach?  Nobody is forcing anybody to subscribe to any

> seems to have the means to take them on legally. And perhaps also curious

Wonder why they didn't?  Maybe because they knew they were in the wrong.

> was the hush-hush way it was handled. Were it not for some clued spirits...

>From an outside point of view it was handled like everyother case I've

> Have you ever heard of a dropbox? Would you like several tens of thousands
> of examples?

We're not talking about drop boxes.  We're talking about relay abuse.

> The 'rest of us' have a traditional venue, and that is asking politely
> the ISP in a documented email complaint. How many complaints did you sent
> us? We're not in China, you know...

What difference does the number of complaints I send you make?  RSS
subscribers have decided to not allow any mail from hosts listed on RSS.
There is proof on the RSS website that your mail server is an open relay
and has relayed spam.

You have 2 choices.
1) close your open relay
2) deal with the fact that some people don't want mail from your server.

> > > certainly not because you say so. Not to mention that all instances of 
> > > abuse can be traced from logs to someone's ip, and there is a venue of
> > > complaint with the abuser's provider. We have a valid reason for doing 
> > > so: locking our servers would prevent our customers from roaming, and we 
> > > would also lose a good part of our non-local client base, some of them
> > > subscribed since 1995, who couldn't make full use of their accounts
> > > anymore.
> > 
> > Absolute rubbish.
> No kidding? Prove it is so. I think those arguments are rather valid.

Closing an open relay has nothing to do with stopping your non-local clients
from roaming and still using your relay.  SMTP AUTH, pop-before-smtp, VPN,
ssh tunnel  are just 4 options off the top of my head.

> > Uhhh... so how do you propose that relays are tested to make sure they're
> > closed before being removed from the database?
> This is the very thing they considered abusive just a few months ago.

No it isn't.  Once your server is listed in RSS, the only time MAPS will 
try and relaytest you is if you ask them to remove you.

> Wasn't it MAPS that blocked ORBS for scanning Abovenet's ports in the 
> first place? So now they took their rival's worst rules and made it their 
> own. Now it's my turn to say absolute rubbish.

proactive scanning is a completely different ballgame to reactive testing
on your request.

> > > > Could you be more clueless? 
> > > 
> > > That's just about what I was going to ask you. This is not about the 
> > > merits of some technological implementation over another. It is about
> > > basic rights and freedoms shamelessly trampled upon by those that can
> > > thump their chests the loudest and have Daddy Warbucks bankroll their
> > > operation. Say you fall out of grace with the 'in' crowd tomorrow, could 
> > > it be your turn?
> > 
> > Oh, I'm constantly falling in and out of ORBS and peoples killfiles.
> > Do I particularly care?  Nope... people have a right to block whatever traffic
> > they want from their machines.
> ORBS is a foreign entity. Out of reach. Vixie is ante portas. American, like

So, I still don't see you complaining about being listed in ORBS (which you

> you and me. Blackmailing American providers, breaking state and federal laws 

I'm not American, and I resent you implying that I am (as would most
Exactly what state and federal laws are MAPS breaking?

> with impunity. People that subscribe to the blackhole lists probably have no
> idea who in particular they are blocking or to what extent. Or even why.

Uhh, sure they do.  They're blocking people who meet the criteria for being
in that list.

> > > > If you want to whine some more, is over there ->
> > > > and spam-l is that way <-
> > > 
> > > And you, John Payne, are here. And clearly on the side of the network
> > > operator that's deliberately destroying the connectivity of other networks.
> > > This problem won't just go away, as much as you want it swept under the
> > > rug.
> > 
> > I'm in both those places (and more) as well.  If you want to stalk me at
> > least do others the favour of doing it where your whines stand a chance of
> > being ontopic... and if you're really lucky you might pick up a friend or
> > two on the way.
> Your mail server bounces my messages. Have you thought of that one yet?

Of course, you're mailing me from an open relay.  And yet I'm still replying
to this post.  Oh wait, maybe its coming through the mailing list that you
persist in copying  *duh*

> I'm not stalking you, I'm simply responding to your comments. And if I 
> need a friend, I'd rather buy a dog. I'll name him Lucky.

Too many jokes ... can't decide which to use

Last mail from me to nanog in this thread.

John Payne    john at                    Fax: +44 870 0547954
        To send me mail, use the address in the From: header

More information about the NANOG mailing list