Attn MCI/UUNet - Massive abuse from your network

Thu Jun 24 12:46:24 UTC 2004

spamhaus has gotten too agressive.  Its now preventing too much legitimate 
email.

Curtis

--
Curtis Maurand
mailto:curtis at maurand.com
http://www.maurand.com

On Thu, 24 Jun 2004, Christopher L. Morrow wrote:

>
>
> On Mon, 21 Jun 2004, Ben Browning wrote:
>
>> At 12:28 PM 6/21/2004, Christopher L. Morrow wrote:
>>> the ethics office doesn't need to see your complaints, they don't really
>>> deal with these anyway.
>>
>> I am quite sure that the ethics department does not deal with spam
>> complaints. My complaint is that your stated policy is clearly not being
>> followed. MCI is currently the Number 1 spam source on many lists-
>> certainly, your overall size skews that figure somewhat, but the listings I
>> see (on the SBL anyway, I do not have the many hours needed to read all the
>> documentation SPEWS has to offer) have reports that are at least 6 months
>> old and are still alive...
>
> The sbl lists quite a few /32 entries, while this is nice for blocking
> spam if you choose to use their RBL service I'm not sure it's a good
> measure of 'spamhaus size'. I'm not sure I know of a way to take this
> measurement, but given size and number if IPs that terminate inside AS701
> there certainly are scope issues.
>
> All that said, I'm certainly not saying "spam is good", I also believe
> that over the last 4.5 years uunet's abuse group has done quite a few good
> things with respect to the main spammers.
>
>>
>> As an example, I see a posting that says emailtools.com was alive on
>> 206.67.63.41 in 2000. They aren't there any more... But now:
>>
>> [me at host]$ telnet mail.emailtools.com 25
>> Trying 65.210.168.34...
>> Connected to mail.emailtools.com.
>> Escape character is '^]'.
>
> Sure, customer of a customer we got emailtools.com kicked from their
> original 'home' now they've moved off (probably several times since 2000)
> to another customer. This happens to every ISP, each time they appear we
> start the process to disconnect them. I'm checking on the current status
> of their current home to see why we have either: 1) not gotten complaints
> about them, 2) have not made progress kicking them again.
>
>>> On Mon, 21 Jun 2004, Ben Browning wrote:
>>>
>>>> At 11:42 AM 6/21/2004, Christopher L. Morrow wrote:
>>>>> curious, why did you not send this to the abuse@ alias?
>>>>
>>>> I wanted it to get read.
>>>
>>> messages to abuse@ do infact get read...
>>
>> Allow me to rephrase- I wanted it to be read and hoped someone would act on
>> complaints. I have no doubt MCI is serious about stopping DDOS and other
>> abusive traffic of that ilk- when it comes to proxy hijacking and spamming,
>> though, abuse@ turns a blind eye. What other conclusion can I draw from the
>
> This is not true, the action might not happen in the time you'd like, but
> there are actions being taken. I'd be the first to admit that the
> timelinees are lengthy :( but part of that is the large company process,
> getting all the proper people to realize that this abuse is bad and the
> offendors need to be dealt with.
>
>> 200ish SBL entries under MCI's name? Why else would emailtools.com(for
>> example) still be around despite their wholesale raping of misconfigured
>> proxies?
>
> emailtools will be around in one form or another, all the owner must do is
> purchase 9$ virtual-hosting from some other poor ISP out there who needs
> the money... they may not even know who emailtools is, if that ISP is a
> uunet/mci customer then we'll have to deal with them as well, just like
> their current home. you must realize you can't just snap your fingers and
> make these things go away.
>
>>
>> All I want is a couple of straight-up answers. Why do complaints to uunet
>> go unanswered and the abusers remain connected if, in fact, the complaints
>
> I believe you do get an answer, if not the auto-acks are off still from a
> previous mail flood ;( Please let me know if you are NOT getting ticket
> numbers back. They might be connected still if there were:
> 1) not enough info in the complaints to take action on them
> 2) not enough complaints to terminate the account, but working with the
> downstream to get the problem resolved
> 3) action is awaiting proper approvals.
>
> There might be a few more steps things could be in, but in general all
> complaints that have proper/actionable info are dealt with.
>
>
>> are read? Why has MCI gone from 111 SBL listings as of January 1 to 190 as
>
> I think the answer is shifting winds in spammer homelands, I'll look
> through the list and see if we know about the problem children in the list
> and what we are doing about them.
>
>>
>> If I am a kook and an idiot for wanting a cleaner internet, well then I
>> guess I am a kook and an idiot.
>
> not for that, just for taking this up in the wrong place... but people
> call me kooky too, so maybe I'm just skewed.
>