williams spamhaus blacklist
netadm
netadm at infolink.com
Thu Sep 25 13:02:54 UTC 2003
>> That describes the escalation procedure of SPEWS, but is not at all
>> accurate for the SBL, we do not expand listings sideways into
>> customer space or block whole ISPs [*].
>>
Mr. Linford's Spamhaus has recently blocked our entire ISP because of 2
entities on our network we are working to terminate (it is a bit more
complicated than simply pulling the plug).
In addition, we have recently requested removal of listings once we have
terminated the customer in question, but received no response.
We can vouch for the fact that www.spamhaus.org blocks far more than
just sources of UCE. In our case, it is our entire network.
-----Original Message-----
From: Steve Linford [mailto:linford at spamhaus.org]
Sent: Thursday, September 25, 2003 8:22 AM
To: Hank Nussbacher; nanog at merit.edu
Subject: Re[2]: williams spamhaus blacklist
At 12:50 +0200 (GMT) 25/9/03, Hank Nussbacher wrote:
> AS3339 has a zero tolerance for spamming. With just one spam
> complaint we block the IP in question. We have a downstream customer
> that has many cybercafes in Africa that generate http and smtp spam
> and we block each complaint within 48 hours.
>
> None the less, here is a recent email extract I received from
> someone:
>
> "Hank, I am not a Spamhaus.org representative in any shape or form.
> I do not claim to speak for Spamhaus.org in any capacity. The
> University of xxxxxx is, however, a customer (i.e. as of this
> morning, we block e-mails from IP addresses listed on Spamhaus SBL).
>
> I am just guessing what might happen if the problem is not sorted
> out.
>
> I am sure you already know that the standard escalation procedure for
> many blocklists is first to block the single offending IP address,
> then the immediate smallest block that it is contained in according
> to WHOIS, then the entire block of the ISP, and if that fails to stop
> the spam, then the corporate MXes of the upstream ISP may be
> blocklisted."
That describes the escalation procedure of SPEWS, but is not at all
accurate for the SBL, we do not expand listings sideways into
customer space or block whole ISPs [*].
> Basically, we are being told if we don't drop the customer, our
> corporate MXes will be blocked. I would not call this an "extreme
> case", but it would appear that overzealous anti-spammers are perhaps
> going a bit overboard.
Luckily he claimed up-front to not be speaking for Spamhaus. I can
sympathize with the level of frustration of someone being bombarded
in spam, however we do not run escalations for single spammers
(unless the problem is chronic, but even then we'd always contact the
ISP and exhaust all other avenues).
[*] Although we do not list whole U.S. or European ISPs, that's not
strictly true for other areas of the net the "offshore" spammers have
gravitated to. We are currently leaning on China heavily and are at
this moment blocking large parts of Chinanet Shanghai (online.sh.cn)
ADSL netblocks, as it's the worst of the China spam problems with 120
separate SBL listings all of US-based spammers (all the usual
make-penis-fast crowd) hosted mainly on Shanghai ADSL lines. Spammers
like Alan Ralsky these days pump everything out via
SoBig-opened proxies with everything hosted in China, all run from
Detroit using VPN. The Chinese are now understanding this but it's
taken some time. That escalation should resolve itself 'any moment
now' too as they say they're starting the process of tracking down
and kicking off the hoard of pests they've acquired these last months.
--
Steve Linford
The Spamhaus Project
http://www.spamhaus.org
More information about the NANOG
mailing list