Re: spamhaus drop list
On Tue, Jun 16, 2009 at 09:04:50PM -, John Levine wrote: Not that I've ever seen. Nobody else has the breadth of data that Spamhaus does. I've been using it for ages and based on zero complaints, it's never blocked anything that any of my users wanted. I strongly concur with John: using the Spamhaus DROP list is incredibly effective not just against spam but against many other forms of abuse. I use a script to update various routers/firewalls/mail systems once a week, and there have been no problems of any kind with it. ---Rsk
RE: spamhaus drop list
Well, there is always the bogon-list from Team Cymru http://www.cymru.com/Documents/bogon-bn-agg.txt And the bogon-list from BGPmon http://bgpmon.net/showbogons.php?inet=4global=yesprivate=yes Both containing prefixes that should not be announced on the internet, but often used by spammers trying to deliver their content. Original message Subject: RE: spamhaus drop list Date: Tue, 16 Jun 2009 14:00:51 -0400 From: Quinn Mahoney qu...@activehost.com To: nanog@nanog.org Is there a competing droplist, that can be compared against Spamhaus's droplist? That seems like an extraordinary claim, so I'm not satisfied with the evidence provided. Is this not the best droplist? -- With kind regards, Michiel Klaver BA.ict GrafiX Internet B.V. Stationsplein 20 2907 MJ Capelle aan den IJssel The Netherlands Web: http://grafix.nl/ Tel: +31-(0)10-2640210 Fax: +31-(0)10-2640211 Providing high-end professional internet services at our privately owned net-neutral in-house Data Center Facilities in Capelle aan den IJssel and Alphen aan den Rijn. Connected at TeleCityRedbus2 (Amsterdam) and Spaanse Kubus (Rotterdam).
RE: spamhaus drop list
Hi! Both containing prefixes that should not be announced on the internet, but often used by spammers trying to deliver their content. When did you experience this last time, this is not what we see on various antispam projects. So if you have new information, please share, we didnt see bogons used a lot at least the last 12 months. Drop list is a completely different thing, and effective, but also effective to loos legitimate mails, the blocks inside there are too wide. I would not recommend people putting that inside iptables or something ;) Bogon filtering is something that should be considered common practice. So your borders or upstreams should take care of that ;) Bye, Raymond.
Re: spamhaus drop list
Traffic from bogon IP space is more likely than anything else to be the result of misconfiguration rather than a spammer abusing it. The cymru bogons list and the spamhaus drop list target two entirely distinct issues and they shouldnt be confused together. On Wed, Jun 17, 2009 at 2:14 PM, Michiel Klaverm.kla...@grafix.nl wrote: Well, there is always the bogon-list from Team Cymru http://www.cymru.com/Documents/bogon-bn-agg.txt And the bogon-list from BGPmon http://bgpmon.net/showbogons.php?inet=4global=yesprivate=yes Both containing prefixes that should not be announced on the internet, but often used by spammers trying to deliver their content.
Re: spamhaus drop list
Patrick W. Gilmore wrote: I have not used MAPS, so I cannot comment on its utility. but I have never heard a single credible claim Mr. Vixie is a spammer, more or less a verifiable one. (Yes, that includes the claim below.) From my personal experience, Mr. Vixie is very much the opposite of a spammer. Mr. Vixie gave the Keynote speech at the NANOG conference yesterday, so I would submit the community at large disagrees with Mr. Anderson's assessment. The former MAPS offerings have been owned by Trend Microsystems since 2005, and I'm fairly certain that Mr. Vixie hasn't been involved in that project since before Trend took over. There's more information at http://www.mail-abuse.com/. (Full disclosure: I worked for the Mail Abuse Prevention System from 2000-2001.) -- J.D. Falk Return Path Inc http://www.returnpath.net/
Re: spamhaus drop list
On Wed, 17 Jun 2009, Suresh Ramasubramanian wrote: The cymru bogons list and the spamhaus drop list target two entirely distinct issues and they shouldnt be confused together. Correct. And whatever list you use, for whatever purpose, at the time you start using it also set up a process to update it or age old entries. Don't wait until later. Those lists will be there long after you forget about it, and maybe even longer than you; and it will save you or your successor a lot of troubleshooting headaches.
Re: spamhaus drop list
On Thu, Jun 18, 2009 at 5:29 AM, Sean Donelans...@donelan.com wrote: On Wed, 17 Jun 2009, Suresh Ramasubramanian wrote: The cymru bogons list and the spamhaus drop list target two entirely distinct issues and they shouldnt be confused together. Correct. And whatever list you use, for whatever purpose, at the time you start using it also set up a process to update it or age old entries. Don't wait until later. Those lists will be there long after you forget about it, and maybe even longer than you; and it will save you or your successor a lot of troubleshooting headaches. .. and to sanity check the fallout of fat fingers, bitrot or whatever (like where you set out to block a /24 but end up blocking a /2 instead) -- Suresh Ramasubramanian (ops.li...@gmail.com)
RE: spamhaus drop list
Is there a competing droplist, that can be compared against Spamhaus's droplist? That seems like an extraordinary claim, so I'm not satisfied with the evidence provided. Is this not the best droplist? -Original Message- From: Dean Anderson [mailto:d...@av8.com] Sent: Monday, June 15, 2009 6:10 PM To: Quinn Mahoney Cc: nanog@nanog.org Subject: Re: spamhaus drop list I suggest you avoid spamhaus, MAPS, and SORBS. They are really spammers in disguise, using blacklists to harm their competition while presumably letting their own spam through. We know they have used trust of the anti-spam community to list-wash spam-trap addresses. See http://www.iadl.org/whitehat/whitehat-story.html add the IADL pages on Paul Vixie and MAPS. You might also look at http://www.av8.net/IETF-watch/People/JohnLevine/index.html Levine, long head of the Anti-spam Research Group, was also unmasked as a spammer. Fred Baker f...@cisco.com is on the ISC Board of Trustees, and is a Vixie supportor. --Dean On Mon, 15 Jun 2009, Quinn Mahoney wrote: I'm looking to implement the Spamhaus drop list. http://www.spamhaus.org/drop/index.lasso On their FAQ they have a script that looks like it grabs the lists text file and connects to a given router, and tells you what has changed in the list, and what your router is null routing. I'm not sure if it then removes the null routes if a list entry has been removed. I haven't found much documentation on the net regarding this. In the future it looks like you will be able to peer with them and null route traffic from a private AS, which will be routes from the drop list. Right now though, it looks like you'd have to update an ACL manually for any changes to the list. Or use this script which null routes the traffic (I guess it's not a big deal getting the syn packets, as long as the mail won't send because of the null route). I am not sure if this script updates the null routes automatically, or how to use it, I can't find to much documentation. Any documentation on this script or another script available. What are your suggestions? thanks -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000
Re: spamhaus drop list
Is there a competing droplist, that can be compared against Spamhaus's droplist? That seems like an extraordinary claim, so I'm not satisfied with the evidence provided. Is this not the best droplist? Obviously the Spamhaus DROP list should be evaluated - you should not use such lists unreservedly. That said, the Spamhaus DROP list contains entries that *are* verifiably bad, e.g. the well published Cernel 85.255.112.0/20 prefix. Regarding the extraordinary claim - consider the possibility that Nanog has its share of kooks. Steinar Haug, Nethelp consulting, sth...@nethelp.no
Re: spamhaus drop list
Also I don't like those lists at all http://www.heise.de/ix/nixspam/dnsbl_en/ Heise do print the very important magazines IX, CT and others in germany. They depend on their emails coming through. Kind regards Peter Quinn Mahoney wrote: Is there a competing droplist, that can be compared against Spamhaus's droplist? That seems like an extraordinary claim, so I'm not satisfied with the evidence provided. Is this not the best droplist? -Original Message- From: Dean Anderson [mailto:d...@av8.com] Sent: Monday, June 15, 2009 6:10 PM To: Quinn Mahoney Cc: nanog@nanog.org Subject: Re: spamhaus drop list I suggest you avoid spamhaus, MAPS, and SORBS. They are really spammers in disguise, using blacklists to harm their competition while presumably letting their own spam through. We know they have used trust of the anti-spam community to list-wash spam-trap addresses. See http://www.iadl.org/whitehat/whitehat-story.html add the IADL pages on Paul Vixie and MAPS. You might also look at http://www.av8.net/IETF-watch/People/JohnLevine/index.html Levine, long head of the Anti-spam Research Group, was also unmasked as a spammer. Fred Baker f...@cisco.com is on the ISC Board of Trustees, and is a Vixie supportor. --Dean On Mon, 15 Jun 2009, Quinn Mahoney wrote: I'm looking to implement the Spamhaus drop list. http://www.spamhaus.org/drop/index.lasso On their FAQ they have a script that looks like it grabs the lists text file and connects to a given router, and tells you what has changed in the list, and what your router is null routing. I'm not sure if it then removes the null routes if a list entry has been removed. I haven't found much documentation on the net regarding this. In the future it looks like you will be able to peer with them and null route traffic from a private AS, which will be routes from the drop list. Right now though, it looks like you'd have to update an ACL manually for any changes to the list. Or use this script which null routes the traffic (I guess it's not a big deal getting the syn packets, as long as the mail won't send because of the null route). I am not sure if this script updates the null routes automatically, or how to use it, I can't find to much documentation. Any documentation on this script or another script available. What are your suggestions? thanks -- Peter and Karin Dambier Cesidian Root - Radice Cesidiana Rimbacher Strasse 16 D-69509 Moerlenbach-Bonsweiher +49(6209)795-816 (Telekom) +49(6252)750-308 (VoIP: sipgate.de) mail: pe...@peter-dambier.de http://www.peter-dambier.de/ http://iason.site.voila.fr/ https://sourceforge.net/projects/iason/ ULA= fd80:4ce1:c66a::/48
Re: spamhaus drop list
On Jun 16, 2009, at 2:00 PM, Quinn Mahoney wrote: Is there a competing droplist, that can be compared against Spamhaus's droplist? That seems like an extraordinary claim, so I'm not satisfied with the evidence provided. Is this not the best droplist? Extraordinary claims require extraordinary proof. Mr. Anderson gives little proof at all, and not even close to extraordinary proof, IMHO. My personal experience is that Spamhaus is highly respectable organization. They are by no means perfect, but I trust their judgement to a high degree, FWIW. The Spamhaus DNSRBLs are, I believe, the most used on the Internet. This suggests the rest of the Internet has a different opinion than Mr. Anderson. I have not used MAPS, so I cannot comment on its utility. but I have never heard a single credible claim Mr. Vixie is a spammer, more or less a verifiable one. (Yes, that includes the claim below.) From my personal experience, Mr. Vixie is very much the opposite of a spammer. Mr. Vixie gave the Keynote speech at the NANOG conference yesterday, so I would submit the community at large disagrees with Mr. Anderson's assessment. SORBS is probably not as highly regarded as Spamhaus, but as with Vixie, not one credible claim has ever been made that Michelle is a spammer, including the below. Again, the opposite is reality, and probably to the same extent as Vixie. (I.e. Some people think they go too far in fighting spam, not in sending it.) Finally, John Levine is not a spammer either. I'm kinda tired of giving proof, so take my word for it, or not, as you please. Anyway, just some personal opinions from someone who has had personal interaction with the people involved and used two of the three products mentioned. Not sure this was operational, but I felt the need to step up and defend people after you forwarded the outrageous claims below to the list. (No one on the list saw Mr. Anderson's claims other than you, because you were personally CC'ed.) End of day, your network, your choice. I think you know mine. -- TTFN, patrick -Original Message- From: Dean Anderson [mailto:d...@av8.com] Sent: Monday, June 15, 2009 6:10 PM To: Quinn Mahoney Cc: nanog@nanog.org Subject: Re: spamhaus drop list I suggest you avoid spamhaus, MAPS, and SORBS. They are really spammers in disguise, using blacklists to harm their competition while presumably letting their own spam through. We know they have used trust of the anti-spam community to list-wash spam-trap addresses. See http://www.iadl.org/whitehat/whitehat-story.html add the IADL pages on Paul Vixie and MAPS. You might also look at http://www.av8.net/IETF-watch/People/JohnLevine/index.html Levine, long head of the Anti-spam Research Group, was also unmasked as a spammer. Fred Baker f...@cisco.com is on the ISC Board of Trustees, and is a Vixie supportor. --Dean On Mon, 15 Jun 2009, Quinn Mahoney wrote: I'm looking to implement the Spamhaus drop list. http://www.spamhaus.org/drop/index.lasso On their FAQ they have a script that looks like it grabs the lists text file and connects to a given router, and tells you what has changed in the list, and what your router is null routing. I'm not sure if it then removes the null routes if a list entry has been removed. I haven't found much documentation on the net regarding this. In the future it looks like you will be able to peer with them and null route traffic from a private AS, which will be routes from the drop list. Right now though, it looks like you'd have to update an ACL manually for any changes to the list. Or use this script which null routes the traffic (I guess it's not a big deal getting the syn packets, as long as the mail won't send because of the null route). I am not sure if this script updates the null routes automatically, or how to use it, I can't find to much documentation. Any documentation on this script or another script available. What are your suggestions? thanks -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000
Re: spamhaus drop list
http://wnagele.com/2007/06/19/spamhouseorg-vs-nicat/ Another problem with spamhaus, they want to earn money. The Pirates Party in germany is a nonprofit. Nevertheless our mailers use a fixed addresses and when you query spamhaus long enough from a fixed address you are put on a blacklist and fed wrong information. Time and again all mails bounced. Every new mail admin went through this cycle :) Kind regards Peter Patrick W. Gilmore wrote: On Jun 16, 2009, at 2:00 PM, Quinn Mahoney wrote: Is there a competing droplist, that can be compared against Spamhaus's droplist? That seems like an extraordinary claim, so I'm not satisfied with the evidence provided. Is this not the best droplist? Extraordinary claims require extraordinary proof. Mr. Anderson gives little proof at all, and not even close to extraordinary proof, IMHO. My personal experience is that Spamhaus is highly respectable organization. They are by no means perfect, but I trust their judgement to a high degree, FWIW. The Spamhaus DNSRBLs are, I believe, the most used on the Internet. This suggests the rest of the Internet has a different opinion than Mr. Anderson. I have not used MAPS, so I cannot comment on its utility. but I have never heard a single credible claim Mr. Vixie is a spammer, more or less a verifiable one. (Yes, that includes the claim below.) From my personal experience, Mr. Vixie is very much the opposite of a spammer. Mr. Vixie gave the Keynote speech at the NANOG conference yesterday, so I would submit the community at large disagrees with Mr. Anderson's assessment. SORBS is probably not as highly regarded as Spamhaus, but as with Vixie, not one credible claim has ever been made that Michelle is a spammer, including the below. Again, the opposite is reality, and probably to the same extent as Vixie. (I.e. Some people think they go too far in fighting spam, not in sending it.) Finally, John Levine is not a spammer either. I'm kinda tired of giving proof, so take my word for it, or not, as you please. Anyway, just some personal opinions from someone who has had personal interaction with the people involved and used two of the three products mentioned. Not sure this was operational, but I felt the need to step up and defend people after you forwarded the outrageous claims below to the list. (No one on the list saw Mr. Anderson's claims other than you, because you were personally CC'ed.) End of day, your network, your choice. I think you know mine. -- Peter and Karin Dambier Cesidian Root - Radice Cesidiana Rimbacher Strasse 16 D-69509 Moerlenbach-Bonsweiher +49(6209)795-816 (Telekom) +49(6252)750-308 (VoIP: sipgate.de) mail: pe...@peter-dambier.de http://www.peter-dambier.de/ http://iason.site.voila.fr/ https://sourceforge.net/projects/iason/ ULA= fd80:4ce1:c66a::/48
Re: spamhaus drop list
On Jun 16, 2009, at 4:43 PM, Peter Dambier wrote: http://wnagele.com/2007/06/19/spamhouseorg-vs-nicat/ Another problem with spamhaus, they want to earn money. The Pirates Party in germany is a nonprofit. Nevertheless our mailers use a fixed addresses and when you query spamhaus long enough from a fixed address you are put on a blacklist and fed wrong information. Time and again all mails bounced. Every new mail admin went through this cycle :) I know. Who would expect that when you use a resource, the people who own and pay for that resource might want to be compensated? The least they should do is make these rules clear and prominent on their website so you could know before you use the resource! Oh, wait, they do -- TTFN, patrick Patrick W. Gilmore wrote: On Jun 16, 2009, at 2:00 PM, Quinn Mahoney wrote: Is there a competing droplist, that can be compared against Spamhaus's droplist? That seems like an extraordinary claim, so I'm not satisfied with the evidence provided. Is this not the best droplist? Extraordinary claims require extraordinary proof. Mr. Anderson gives little proof at all, and not even close to extraordinary proof, IMHO. My personal experience is that Spamhaus is highly respectable organization. They are by no means perfect, but I trust their judgement to a high degree, FWIW. The Spamhaus DNSRBLs are, I believe, the most used on the Internet. This suggests the rest of the Internet has a different opinion than Mr. Anderson. I have not used MAPS, so I cannot comment on its utility. but I have never heard a single credible claim Mr. Vixie is a spammer, more or less a verifiable one. (Yes, that includes the claim below.) From my personal experience, Mr. Vixie is very much the opposite of a spammer. Mr. Vixie gave the Keynote speech at the NANOG conference yesterday, so I would submit the community at large disagrees with Mr. Anderson's assessment. SORBS is probably not as highly regarded as Spamhaus, but as with Vixie, not one credible claim has ever been made that Michelle is a spammer, including the below. Again, the opposite is reality, and probably to the same extent as Vixie. (I.e. Some people think they go too far in fighting spam, not in sending it.) Finally, John Levine is not a spammer either. I'm kinda tired of giving proof, so take my word for it, or not, as you please. Anyway, just some personal opinions from someone who has had personal interaction with the people involved and used two of the three products mentioned. Not sure this was operational, but I felt the need to step up and defend people after you forwarded the outrageous claims below to the list. (No one on the list saw Mr. Anderson's claims other than you, because you were personally CC'ed.) End of day, your network, your choice. I think you know mine. -- Peter and Karin Dambier Cesidian Root - Radice Cesidiana Rimbacher Strasse 16 D-69509 Moerlenbach-Bonsweiher +49(6209)795-816 (Telekom) +49(6252)750-308 (VoIP: sipgate.de) mail: pe...@peter-dambier.de http://www.peter-dambier.de/ http://iason.site.voila.fr/ https://sourceforge.net/projects/iason/ ULA= fd80:4ce1:c66a::/48
Re: spamhaus drop list
Is there a competing droplist, that can be compared against Spamhaus's droplist? Not that I've ever seen. Nobody else has the breadth of data that Spamhaus does. I've been using it for ages and based on zero complaints, it's never blocked anything that any of my users wanted. R's, John
Re: spamhaus drop list
John Levine wrote: Not that I've ever seen. Nobody else has the breadth of data that Spamhaus does. I've been using it for ages and based on zero complaints, it's never blocked anything that any of my users wanted. R's, John I have to agree with this...I'm somewhat surprised to see some of the comments here. I've found there service to work well and have never received customer complaints.