Kuro5hin.org: technology and culture, from the trenches
submit story | your account | help/FAQ | contact | links | search | IRC | site news
[ Everything | Diaries | Technology | Science | Culture | Politics | Media | News | Internet | Op-Ed | Fiction | Meta | MLP ]
We need your support: buy an ad | premium membership | k5 store

[P]
Anti-Spam or pro DDOS? (Internet)

By The Artificial Kid
Mon Aug 4th, 2003 at 10:20:54 PM EST
Internet

The staff of Somethingawful.com complained to SPEWS, providers of anti-spam IP blacklists for email servers, after they discovered that their IP range had been blocked by the group. SPEWS says somethingawful's hosting arm provided hosting to a customer who subsequently promoted his or her site with spam. Somethingawful says that SPEWS shouldn't be blacklisting such large ranges simply to ensure that no spam gets through. Now SA's admin says that he has been receiving DDOS and possibly account bruteforcing attacks from SPEWS-affiliated IPs since the first complaints were lodged.

 

ADVERTISEMENT
Sponsor: speckz
EForceHosting.Com
Tired of all the features and options that come with your plan but you don't ever use or simply put won't work for you? We might have just what you are looking for! Please contact us and we will put together a custom package for you!
active | buy ad
ADVERTISEMENT

SPEWS operates "spam traps", email addresses designed to capture spam. When spam mail is detected, SPEWS sends a complaint to the originating network. In theory SPEWS sends staged complaints as more and more spam is received from a given source, culminating in a listing for the network on the SPEWS blacklist. The listing, in turn, expands further and further as more spam arrives. This can result in the blocking of large ranges of IPs, even whole hosts.

Unfortunately nobody seems to want to take responsibility for the content of the list. A visit to news.admin.net-abuse.email shows numerous examples of requests for removal from blacklists being ignored or scorned by admins who support SPEWS. The prevailing attitude is that spammers and people who look like spammers can go to hell.

In the case of somethingawful this attitude has been compounded by a somewhat juvenile campaign of message spamming on news.admin.net-abuse.email, which has probably undermined what little hope the site had of being delisted. The spamming was carried out by somethingawful forum members incensed by what they saw as the unfair blocking of the site's email. Obviously this is the wrong response, if only from a PR point of view. But the whole string of events raises a number of important questions about who controls the internet and what they want it to be.

Like any community, many email admins, or at least those who take an active approach to spam-fighting, regard themselves as something of an in-group. Mre importantly they hold a special power that is in some respects unassailable. Short of hacking a provider or breaking into their network centres, most people haveonly supplicant status with respect to the admins who keep their data flowing. The responses to spamming and trolling by SA "minions" in the net-abuse.email newsgroup show that perhaps the worst thing you can do is piss off an admin.

Is there any way to make the power of admins subject to some universal principle or law of the internet? It's hard to say. What separates the internet from so many other aspects of our lives is the fact that it is so heavily mediated. From person to computer to cable to network there is constant control and redirection exerted over data. The equipment and software needed to keep the internet running has to be maintained by somebody, and those people must necessarily have privileged access to the guts of the system.

perhaps what this illustrates best is not the danger of having the system controlled, but the danger of allowing ideology to control the system. When blocking spam becomes more important than maintaining the smooth and effective operation of the system then the system is breaking down. When administrators are concerned more that spammers be punished than that users enjoy reasonably uncluttered access to email, the system is breaking down. And when admins are so zealous about stopping spam that they are prepared to threaten retribution against spammers by both legal and illegal means, the system is breaking down.

Please Help. The author of this story has requested editorial help from you, and the rest of the community. Please read, and post your editorial suggestions below. The author can edit at any time, so some suggestions may already have been fixed when you read them. After editing, the story will continue on to voting as usual.

Sponsors
Voxel dot net
o Managed Servers
o Managed Clusters
o Virtual Hosting
Collocated UNIX Server
$65/Month
o Root on your own FreeBSD or Linux server
o Very fast, triple-homed network
o NO hardware or setup fees, unlimited support
Testimonials from K5 Users

simul
o Moderate Submissions (1/2/3)
o Review Hidden Comments
o User Info
o Your Comments
o Your Stories
o Your Diary
o Your Ads
o New Diary Entry
o New Ad
o New Story
o User Preferences
o Display Preferences
o Comment Preferences
o Renew Subscription
(317 days left)
o Logout simul

simul's Hotlist
Hotlist | Replies | Stories | Diaries

No Hotlisted Stories

Related Links
o news.admin.net-abuse.email
o More on Internet
o Also by The Artificial Kid


View: Display: Sort: Rate?
Anti-Spam or pro DDOS? | 53 comments (33 topical, 20 editorial, 0 hidden) | Post A Comment
Your ISP supports spam... and you support your ISP (none / 0) (#52)
by simul on Tue Aug 5th, 2003 at 11:41:53 AM EST
(kuro5hin-spam@q32.com) http://www.documentroot.com/

You clearly don't understand SPEWS and why it's the only solution, right now, that works to put pressure on ISP's to remove spammers.

When laws change, maybe we won't need spews.... but then the government themselves would be in the process of shutting down your ISP anyway... and you'd be no better off..

Read this book - first 24 pages are free to browse - it rocks
[ Reply to This ]
Editorial: clicked SPAM, (none / 0) (#51)
by vivelame on Tue Aug 5th, 2003 at 11:01:36 AM EST

and will -1 it when it comes to vote: totally clueless wrt to spam, blacklisting & spam support.

--
People like you just fuel my fire.
[ Reply to This | ]
SpamCop (none / 0) (#49)
by starsky on Tue Aug 5th, 2003 at 10:39:51 AM EST

provides a similar service, but domains are removed from the blacklist 48 hours after the last spam report. Seems a good solution to this problem?

[ Reply to This | ]
Editorial: who cares? (none / 0) (#48)
by reklaw on Tue Aug 5th, 2003 at 10:38:53 AM EST
(super elite special user)

Boo hoo, some stupid geeks put you on their blacklist. Might as well sign up for a hotmail account and get over it.


---
In a recent K5 poll of 6 users, every one liked cats better than yahoo! -- fae
[ Reply to This | ]
I just pushed a very special button (none / 0) (#46)
by debacle on Tue Aug 5th, 2003 at 10:27:49 AM EST
(jdrich@acsu.buffalo.edu)

And, by that, you should be able to note that I am anti-Spam.

Welcome to The Ubiquitous Lattice
[ Reply to This | ]
Not quite. (4.00 / 1) (#45)
by talorin on Tue Aug 5th, 2003 at 10:23:21 AM EST

The problem SPEWS has is with SA's hosting, not with SA itself. Somethingawful happens to be a customer of a fairly well-known spamhaus, which is why they got caught in the blacklist. SA's admins complained, and when SPEWS wouldn't give them a special dispensation (read the newsgroups and tell me how often that happens) they ordered the Charge of the Retard Brigade on NANAE. You can argue all day about whether blacklists are good or bad, but ordering that newsgroup flood was a big mistake. I'm just surprised anyone thought that would work. Those newsgroups have been flooded and spammed by professionals.

[ Reply to This | ]
Editorial: Intesting (none / 0) (#41)
by LittleStar on Tue Aug 5th, 2003 at 09:57:12 AM EST
http://www.mfdh.ca/~astra/

It seems that some people/organizations are working out their personal/business issues on kuro5hin. It is sort of like a soap opera unfolding before your eyes. The article and ensuing chatter are interesting although the article could do with a much clearer conclusion.

littlestar.
Twinkle. Twinkle. Twinkle.
[ Reply to This | ]
Editorial: [nh] (none / 0) (#38)
by damballah on Tue Aug 5th, 2003 at 08:53:56 AM EST

Mre importantly they hold a special power that is in some respects unassailable

should be:More importantly...


*******************************************
" I apologize for this long comment. I didn't have the time to make it any shorter. " - Blaise Pascal
[ Reply to This | ]
From news.admin.net-abuse.email: (5.00 / 2) (#30)
by L Satyl on Tue Aug 5th, 2003 at 06:57:53 AM EST

I had nothing against somethingawful.com until you asshats showed up here in news.admin.net-abuse.email (and to a much lesser extent news.admin.net-abuse.blocklisting) representing them.

You fools are doing more damage to somethingawful.com than SPEWS ever could have done. By attacking this newsgroup, read regularly by people who manage some of the world's largest (and smallest and everywhere in between) mail servers, you have managed to get somrthingawful.com (and in many cases, all of 66.117.0.0/19 ) dropped into more "set it and forget it" local blacklists than you can POSSIBLY imagine.

Cogent might eventually clean out its spam sewers and the SPEWS listing may eventually go away; but somethingawful.com (and NHICOLO.COM) will live forever in the DENY lists I maintain.

All because of this atttack, initiated by Zack Parsons.

Wanna shoot your other foot now?
There are people who get it. For all the other people, there's the blacklist. My server, my rules, my blacklist. Get it?

[ Reply to This | ]
This SPEWS nonsense... (4.00 / 1) (#26)
by ti dave on Tue Aug 5th, 2003 at 05:21:39 AM EST
http://ti_dave.lickmy.org/

will come to a screeching halt once Jeff K. gets involved.

Word on the street is that he's *pissed*.

I'm almost drunk enough to go on IRC. ~Herring
[ Reply to This | ]

Reading between the lines (5.00 / 1) (#21)
by mewse on Tue Aug 5th, 2003 at 04:19:24 AM EST

Are you honestly claiming that I don't have the right to decide from whom to receive e-mail on my own server? Please tell me that's not what you're saying.

Because that's idiotic.

"Law of the Internet"? "Universal Principle"? How about: It's my damn computer, and I'll accept your e-mail or not at my own discretion, and if you don't like my choice, then that's too bad. I'm not damaging your person, your property, or breaking any laws. So I don't see how you can cry foul and expect to be taken seriously.

And incidentally, if you're going to claim that SPEWS DDOSed somebody in large alarmist letters in the story title, you might want to back that up with a little evidence inside the article.

Just a thought.

[ Reply to This | ]
Editorial: -1, doesn't understand the meanining (none / 0) (#20)
by i on Tue Aug 5th, 2003 at 04:09:18 AM EST
icbm://32°47':35°00'

of the term Denial of Service.
--
"There is no fortress a noble man cannot storm" -- Kong Tze, Lun Yu (XXII, 13)

[ Reply to This | ]
Editorial: -1 (5.00 / 1) (#18)
by kjb on Tue Aug 5th, 2003 at 03:39:46 AM EST
(kjb@spamcop.net) http://amishrakefight.org/gfy/

Anti-Spam or pro DDOS?

For starters, the title is misleading.

As others have shown in the comments, your body is misleading.

In short,
fuck off.


--
They say it ain't a party 'til the party enema
[ Reply to This | ]
No. (5.00 / 4) (#17)
by Nova Reticulis on Tue Aug 5th, 2003 at 03:10:23 AM EST
(nova-k5@poly.shacknet.nu)

You are misrepresenting the anti-spam community as a whole and SPEWS in particular. SPEWS does not communicate with anyone . Not with somethingawful.com, not with anyone else. No one knows who SPEWS is or where it resides. SPEWS admin did not complain about being DDOSed simply because SPEWS administration does not ever communicate with anyone outside of SPEWS. You have not executed due diligence. The specific post that says "SPEWS apologizes", as well as all other posts with people commenting on SPEWS, always contains "I am not SPEWS" or something similar. Unless you hang around in NANAE long enough to be able to recognize Tok Pisin jokes, I suggest you do not comment on matters that you haven't studied sufficiently. Who said SPEWS operates spamtraps? In fact, we do not even know how exactly SPEWS work. The concept of SPEWS expanding listings is misrepresented. Please spend a couple of months in NANAE before making devastating comments in public. Also read the FAQ at the SPEWS website. There is no reason whatsoever for you or anyone else to try and keep network administrators in check. You're not one and you won't be telling them how to do their job. You especially have no rightful claim against SPEWS. Please read the following carefully because many people fail to understand what is it all about (and it's something that gets explained in NANAE about 10 times a day to different new posters, too bad you didn't care to find out before posting to K5).
  1. SPEWS is a privately operated and maintained blacklist that adheres to specific regulations that are published on SPEWS website. As far as I know, there's no known case where SPEWS made a mistake or deliberarely ignored its own regulations. SPEWS operates exactly as it says. All attempts to blame SPEWS always turn out to be due to laziness, cluelessness or malicious intent of people who blame SPEWS
  2. The blocking is done by the mail servers themselves because your network administrators chose to use SPEWS. SPEWS does not block anyone. Your network administrators do by way of trusting to SPEWS. If you don't like what they do, change ISPs.
  3. Not only the argument about SPEWS being guilty of anything is ridiculous, but even the question itself can not be raised because, again, SPEWS is an advisory list. If SPEWS were that bad, admins wouldn't be using it. SPEWS is by far the most effective tool we have against spammers, short of Internet Death Penalty.
  4. No network other than your own ISP has a contractual obligation to you or anyone else to carry your email. My network, my rules. Yes, you heard it right. You buy connectivity from your ISP and that's it. No one else is required, neither by law nor by logic, to carry your traffic. Internet is a voluntary cooperation of networks.
You fail to understand that controlling spam *IS* maintaining smooth and clear operation of the networks. You do not understand the extent of damage the spammers do. The only way to prevent it is to punish rogue ISPs who encourage spammers. With all said above, I am voting this article up in hope that other people will read it and understand your mistake.

[ Reply to This | ]
Editorial: Comments (none / 0) (#16)
by motty on Tue Aug 5th, 2003 at 02:04:01 AM EST
http://www.waz.easynet.co.uk/

First you need to capitalise the first word of the last paragraph.

The article would also be strengthened by some more references - at least provide links to somethingawful.com and the website of their provider that is at the heart of this. You should also provide links to show where the claims made by somethingawful.com about DDOSing originate from. Since, as I understand it, SPEWS is a list of known spammer IPs, what are 'SPEWS affiliated IP's'?

You also need to do something about the fact that after a quick look at the newsgroup, it does look awfully like the problem here is firstly that somethingawful.com do seem to have chosen to be hosted with a spamhaus, and secondly, that unleashing their forum crowd on a news.admin.* newsgroup as a result of a problem with SPEWS was so mindblowingly stupid and self-destructive as to beggar description. Doing that has created a far worse problem for somethingawful.com.

The sad part of the story is that many of the nanae regulars seemed to be saying things like 'I've always liked somethingawful.com until now.' I hope they've noticed that over at somethingawful.com. I've also always liked somethingawful.com. I hope they figure out a way of getting out of this, though I can't see how they're going to do it. Writing something funny about the internet on the front page may not be enough this time.

There may be issues with SPEWS, but this story does not illustrate them. "IP In Same Block As Spammer Gets Blocked," isn't quite the story here. "Tech Newsgroup and Joke Website Community Clash, Joke Website Loses," is.
s/^.*$//sig;#)
[ Reply to This | ]
Very Nice. (2.50 / 4) (#5)
by Motekye on Tue Aug 5th, 2003 at 12:02:10 AM EST
(motekye@mail.com)

Looking past a few spelling/gramar and consistency indescrepencies, I thought this article was insightful and informative.

I never really pegged system admins as the corrupt-politician type — nor did I think that they would abuse their black-listing power. This is another example of internet-bullyism which turns potential new-comers off the social aspects of the net and makes me sick to the stomach.

Besides, I thought Denial of Service attacks were illegal; desipte the moral side the war on spam that the admins may be on. Methinks some 'real' law enforcement should be brought in to curb these attacks and punish these stray admins.

~~~~~~~~~~~~~~~~
If the universe is in balance...
When one person is happy, another is miserable, when one person is miserable, another is happy...
Therefore, I'm always pissy because I'm so friggin' generous!

[ Reply to This | ]
SPEWS is strong medicine for strong sickness (3.66 / 3) (#4)
by grout on Tue Aug 5th, 2003 at 12:01:26 AM EST
(chip@pobox.com) http://pobox.com/~chip/

Spam is a threat to the very operation of mail. SPEWS is an ever bigger mallet applied to the nads of spammers -- and those who support them. In the process, people who didn't realize they were supporting spammers (directly or indirectly) get inconvenienced. This is necessary, because without the application of adequate pain to a beast, it won't move.

I know what it's like to be collateral damage. Because my colo company (HE.NET) was slow to boot one spammer, my server got listed in SPEWS for a while. Yes I was pissed ... at my colo for letting their greed interfere with my quality of service. Not at SPEWS. SPEWS is just keeping a list of who's naughty and nice.
--
Chip Salzenberg, Free-Floating Agent of Chaos
[ Reply to This | ]
Editorial: article is a bit confusing (none / 0) (#3)
by gokul on Mon Aug 4th, 2003 at 10:55:43 PM EST
(gpoduvalAThotmail.com)

The article is a bit confusing at the first reading. You have not explained what SPEWS and somethingawful.com actually do. Also, it is not clear what you mean by SPEWS affiliated IPs.

[ Reply to This | ]
Editorial: don't repeat the first paragraph in the body. (5.00 / 2) (#1)
by lakeland on Mon Aug 4th, 2003 at 10:25:08 PM EST
(kuro5hin@lakeland.hopto.org) http://lakeland.hopto.org/

don't repeat the first paragraph in the body.

[ Reply to This | ]
Anti-Spam or pro DDOS? | 53 comments (33 topical, 20 editorial, 0 hidden) | Post A Comment
View: Display: Sort: Rate?

kuro5hin.org

[XML]
All trademarks and copyrights on this page are owned by their respective companies. The Rest © 2000 - 2002 Kuro5hin.org Inc.
See our legalese page for copyright policies. Please also read our Privacy Policy.
Kuro5hin.org is powered by Free Software, including Apache, Perl, and Linux, The Scoop Engine that runs this site is freely available, under the terms of the GPL.
Need some help? Email help@kuro5hin.org.
Registered at the post office as:

Powered by Scoop submit story | create account | help/FAQ | mission | links | search | IRC | YOU choose the stories! K5 Store by Jinx Hackwear Syndication Supported by NewsIsFree