Spamhaus listed an entire /16

randvegeta

raindog308 said: Wasn't sure you were trolling before, but...

I wasn't trolling, but I also do not advocate it either. NAT is great! IPv6 can wait. NAT is perfectly fine for the time being.

But it would be completely true that if NAT wasn't a thing, IPv6 adoption would be faster.

Hxxx

I get it you like to express your thoughts in a justified and well explained way but...

-Nobody read this because is too long.
-Keep it simple, have a cup of coffee... relax my friend.

Thanks for contributing to LET.

@bsdguy said:
There are two basic problems, one of which rears its head in far more places than email, which is the fact that the email system is decades old and was conceived in times where trust could be reasonably assumed.

Hence the email system has quite few (and rather feeble) safeguards against abuse.

The other problem is the one beyond spamhaus and it's about as old as mankind: Give someone largely uncontrolled power and he will abuse it or at least be careless.

spamhaus came into existence to respond to an urgent question that again came into existence because the email system had been conceived with benevolent, or at least not malevolent, users in mind.
spamhaus was very useful in addressing that problem. The logic is behind is simple and powerful: spam by definition addresses very many and hence that very fact can be used, also practically, to recognize it and to make that information available so as to fight it.

The next level, every wordpress or similar user knows that, came when spammers found a simple way to escape that trap by sending from frequently changing IPs. The natural response was to enhance the recognition mechanism by spotting providers/networks who seemed to be careless or even supportive of spammers. The problem, though, is that those providers do not tell their honest customers "listen, we are fraudsters" which leads to many innocent customers being caught in spam filters.

The other factor that escalated the problem was spamhaus itself; it de facto escalated and became a bully by focussing to one-sidedly on the evil guys and by all but ignoring the good guys who just happened to be caught and hit by spamhaus, too.

Finally there is the factor of leverage and propagation. If I as single blogger block whole networks the damage is quite limited. If, however, spamhaus does that the damage is enormous.

Considering that often we ourselves are the product, that we, the users, have a high value, at least in big numbers, on the internet, I do see a chance to succeed and a promising attempt in creating a "better spamhaus".
What we need is something like a spamhaus, which is useful, but one where we do not one-sidedly focus on the evil guys, gratuituously "killing" lots and lots of innocent people along the way but where we offer reasonable and acceptable ways to escape the blacklist net when not being evil or when a real problem has been solved.

And we have another factor on our side: spamhaus just like email itself is aeons old. Today we have very much progressed technologies and means available. Some obstacles that would have seemed unsurmountable 20 years ago can be easily overcome today; we can, for instance, easily do much better evaluation logic and more complex mechanisms (e.g. if a spammer abuses the possibility to clear himself, he will be hit very much harder the next time or, another example, the fact that a certain provider frequently has spammers in his network but is known to quickly and effectively react can be considered in the mechanism).
Just think of the Kegels 10k problem. Even a few years ago that was indeed a problem. Nowadays there are even scripting engines (e.g. node) that can deal with 10k req/s.

Finally: I don't expect either law or economy to provide solutions. laws can be easily circumvented on the internet (even "simple" locality attribution can be hard) and having to pay for some kind of token will almost certainly lead to merely shifting the problem.

No, this is a problem rooted in technology and, to be honest, in bad technological decisions decades ago and we will need to solve it in that realm, too.

Hxxx

Dude please fix your website. every damn time I access it ...

-the slider don't work.

-It doesn't adapt on mobile (responsive). Pay a few pennies to one of the guys here to get it fixed.

-yawn

@AnthonySmith said:

randvegeta said: What kind of abuse?

Lets say I penetrate a network and use it to bulk send emails.

randvegeta said: Why does it assume that?

See above.

raindog308

Hxxx said: >-Nobody read this because is too long. -Keep it simple, have a cup of coffee... relax my friend.

Hxxx said: Dude please fix your website. every damn time I access it ...

-the slider don't work.

-It doesn't adapt on mobile (responsive). Pay a few pennies to one of the guys here to get it fixed.

-yawn

You've been drinking, haven't you...

Hxxx

you got me

@raindog308 said:

Hxxx said: >-Nobody read this because is too long. -Keep it simple, have a cup of coffee... relax my friend.

Hxxx said: Dude please fix your website. every damn time I access it ...

-the slider don't work.

-It doesn't adapt on mobile (responsive). Pay a few pennies to one of the guys here to get it fixed.

-yawn

You've been drinking, haven't you...

flatland_spider

@bsdguy said:

@randvegeta said:
I don't think Spamhaus' power or influence will diminish even if a better competing service could be built. Spamhaus needs to become completely ineffective or obsolete for them to lose what power they currently have.

>

Early mover advantage, and a catchy brand name.

They're pretty entrenched, and they're good enough until some c-level doesn't get an email from his friend using an ancient Hotmail account with the root cause being a blacklisted range in a RBL.

This may or may not be a true story.

It won't be easy and it won't be fast, so far I agree.

However: If someone does it free and right, if someone creates the right blend, it will take off and spamhaus will become less powerful.

Things start small. But they should start.

As an experienced IT guy, let me offer 2 thoughts:

• one needs a good input filter so as to avoid false listings (due to malevolence, pranks, etc)

• one needs a good reputation mechanism linked to both IP ranges and companies.

And obviously one needs a good interface and delisting procedure.

It could be done, it won't be very expensive, and it will be relatively cheap to run. And hey, you hosters are at the source, you are at an excellent position.

>

People are already trying to fix the problem. There are a bunch of RBLs out there, and quite a few were started in reaction to Spamhaus. I'll see if I can find the RBLs I used to use. I don't have the list, since I don't run email servers anymore , and I don't have a lot of time to spend researching it at the moment.

The RBL I really liked was using honeypots positioned at various ISPs to collect spam and IPs. They would escalate the ban based on the amount of spam received, and eventually the IP would just fall off the list if it behaved.

Then there used to be an association that was trying to start a whitelist. Companies would pay $25 to get vetted and listed, and they would stay on the list for a year. It was an interesting concept, but I could never find a way to hook into it to try it out.

AnthonySmith

Hxxx said: Pay a few pennies to one of the guys here to get it fixed.

I will offer you 8 whole pennies? deal?

Hxxx

I'm not cheap. Check with the other people around, I'm pretty sure somebody will do it for 8 whole pennies .

@AnthonySmith said:

Hxxx said: Pay a few pennies to one of the guys here to get it fixed.

I will offer you 8 whole pennies? deal?

AnthonySmith

Hxxx said: I'm not cheap. Check with the other people around, I'm pretty sure somebody will do it for 8 whole pennies .

As it happens I need someone to finish of my new site, I got about 70% done and ran out of time which is incidentally why the slider is broken on the current site.

Might post a job here later, obviously more than 8 pennies

southy

@willie said:

randvegeta said:

A token with real value (and can be exchanged for cash) can be attached to an E-mail. The value can be small. Say $0.10.

Your post advocates a

(x) technical ( ) legislative (x) market-based ( ) vigilante

[...]

Aaaaaaah... is it just me that gets a warm and fuzzy usenet-feeling when reading such forms?