Fish5 / Exodus Technologies - cartooney threats against a blocklist (enough said, indeed). fish5.com, safeplace.net, exodustech.com, [66.114.204.0 - 66.114.205.255]: Access denied! === Cart00ney evidence === Path: uni-berlin.de!fu-berlin.de!headwall.stanford.edu!newsfeed.stanford.edu!postnews1.google.com!not-for-mail From: fish5corp@yahoo.com (seeZmyZsig@forZmyZemail) Newsgroups: news.admin.net-abuse.email Subject: The Problem with SPEWS Date: 9 Jul 2003 08:04:32 -0700 Organization: http://groups.google.com/ Lines: 201 Message-ID: <24a08bda.0307090704.74f1ac9@posting.google.com> NNTP-Posting-Host: 66.114.204.11 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Trace: posting.google.com 1057763072 24422 127.0.0.1 (9 Jul 2003 15:04:32 GMT) X-Complaints-To: groups-abuse@google.com NNTP-Posting-Date: 9 Jul 2003 15:04:32 GMT Xref: uni-berlin.de news.admin.net-abuse.email:2022920 First of all, to everyone whom this does not apply, I am sorry I had to post to this discussion. For those who don't know - this is the ONLY WAY apparently you can contact the people behind spews. (FAQ 41) I am not looking for a sympathetic ear from anyone who is not responsible for spews. In fact, I really don't have time to read responses from people who do not actually work on the spews system, and I couldn't care less about the opinions of unrelated individuals. I am looking for someone associated with spews to take responsiblity for their system. If you are considering using spews or currently do, you may want to continue to read to understand a problem with their list. ----- To the owner of spews.org: Providing false information in your domain registrant's Whois database is a violation of ICANN policy and can mean the loss of your domain name. See http://www.icann.org/registrars/wdrp.htm. Complaints have been filed with the registrant (joker.com) and follow-ups with ICANN will be made if there is no response from there. I am sure that you do not reside in Russia, but if your address is correct, then we will know how to get a hold of you. Hopefully it won't be necessary to take action against those responsible for the IP's spews runs on: 203.15.51.44 OrgName: Asia Pacific Network Information Centre OrgID: APNIC Address: PO Box 2131 City: Milton StateProv: QLD PostalCode: 4064 Country: AU 216.65.63.103 OrgName: Maxim OrgID: MAX Address: 42712 Lawrence Place City: Fremont StateProv: CA PostalCode: 94538 Country: US 216.168.31.31 OrgName: Supernews, Inc OrgID: SUPERN-4 Address: 350 The Embarcadero, 6th Floor City: San Francisco StateProv: CA PostalCode: 94105 Country: US 170.210.44.172 OrgName: Red de Interconexion Universitaria OrgID: RDIU Address: Ciudad UniversitariaI City: StateProv: PostalCode: Country: AR This is not a game. We are not children on a playground. There are real businesses and real people that are affected by your system. There are legal ramifications to not taking responsilbility. I will be looking for a direct means of contact to someone who can remove IP's from the list- it should be prodominately posted on the site. ------ I find it interesting that when an obvious problem with the spews.org system is posted to this discussion group, that there are SOME readers who are too small minded to objectively analyse the situation. Let me stress SOME, because out of all of those who may have read my posting, I only recieved a small number of what I would consider inappropriate responses. spews.org has a problem with their system in that it continues to list IP's that are no longer being used by spammers. According to their own FAQ (which everyone else is quick to point to, but apparently they have never read themselves, or at least they cannot seem to comprehend it) IP's just drop out of thier list after a while if they are not used for spamming. In our case, our IP's have been used by us for over 2 years and they are still listed. That is not acceptable. By the way, I have not found a single other RBL with our IP's in it. That should tell you something about the accuracy of spews. It does not matter whether they are listed as "Level 1" or "Level 2". They are listed, and there are people who do choose to block on Level 2. The fact that their system has this weakness is not really the problem. The problem is that spews provides no means of direct recourse for legitimate IP owners to have their IP's removed. This is just irresponsible. In fact, instead of taking responsibility for their system to correct their mistakes, they expect that those who are wrongfully being blocked to jump through hoops for the possibility of getting their IP's removed. >From the FAQ: Q16: I'm not a spammer or spam operation... heck I hate spam, but my email is getting bounced by someone using SPEWS, or I can't access a website due to SPEWS based blocking. A16: You maybe part of the rare "inadvertent blocking" that can occur when a spam friendly provider is listed in spews. Your best option is to try and educate your provider or switch to one who is not listed in SPEWS as spam friendly. SPEWS aims to avoid listing any non-spammer or non-spam support areas if possible - we just want to stop spam. Interpretation: We do not want to take responsibilty for our system, so you need to spend a lot of money and time to migrate your entire network to IP's not on our list and hope that those IP's don't get wrongfully added in the future. Q42: My IP address/range is being listed by SPEWS but I'm not a spammer and I just signed up for this/these address(s). What can I do to be removed from the list? A42: SPEWS is just an automated system, if spam or spam involvement (hosting spammers, selling spamware) from your IP address/range ceases, it will drop out of the list in time. Normally the listing involves spam related problems with your host and the first step you need to take is to complain to them about the listing, in almost all cases, they are the only people who can get an address/range out of the SPEWS list. If there is a spam related problem with your host, their IP address/range will not be removed until it is resolved. If your host or network is certain a listing mistake has been made, ask them to read this FAQ then post a message in a public forum mentioned above with the SPEWS record number (eg. S123) and/or the IP address/range information in it. Placing the text "SPEWS:" in the subject can help a SPEWS editor or developer see the message and they may double check the listing - note that, although others may, no SPEWS editor or developer will ever reply to the posting. Will this get your IP address/range removed from a SPEWS listing? Again, not if there are currently spam related problems with your host. Be aware that posting ones email address to any publicly viewable forum or website makes it instantly available to spammers. If you're concerned about getting spammed, change or "mung" the email address you use to post with. Interpretation: If you insist on actually getting your IP's removed because of our mistake, then you need to spend time (which means money) posting to a third party news group with the hopes that you don't get even more spam than you did before and/or you don't get rude emails from small minded individuals who blindly defend the spews system. This is no guarentee, however, that anything will be done to remedy the situation. It may be "cute" to some that they hide themselves behind false information and the like, but all this indicates is that they aren't prepared to take the responsibility for their system. It would seem to me that those at spews would want to improve their system. It amazes me that SOME network administrators would make decisions to block IP's based on my posting alone, and some after actually verifying that whe are not spmamers. This is simply irrational thinking. They claim I am not civil while they use vulgararities and practice name calling. I had some network admins warning me that they were now blocking our IP's, however none were "man" enough to identify themselves and their organization. I wonder if their employers would appreciate knowing the language they used in their emails and the irrational means by wich they are making decisions about which IP's to block. After all, when acting in their official capacity they act on behalf of their employer. Again, we are not children on a playground. But if you want to take your ball and go home, there is no one stopping you. spews has a problem and someone needs to take responsibilty. Enough said. administrator<>fish5.com === Reply === Path: uni-berlin.de!fu-berlin.de!logbridge.uoregon.edu!newsfeed.stanford.edu !cyclone.bc.net!newsfeed.telusplanet.net!newsfeed.telus.net !news0.telusplanet.net.POSTED!53ab2750!not-for-mail From: nospam@nomail.sorry (Sooty) Newsgroups: news.admin.net-abuse.email Subject: Re: The Problem with SPEWS Message-ID: References: <24a08bda.0307090704.74f1ac9@posting.google.com> Organization: Chyeah... Right! Lines: 73 Date: Wed, 09 Jul 2003 19:05:47 GMT NNTP-Posting-Host: 137.186.211.223 X-Trace: news0.telusplanet.net 1057777547 137.186.211.223 (Wed, 09 Jul 2003 13:05:47 MDT) NNTP-Posting-Date: Wed, 09 Jul 2003 13:05:47 MDT Xref: uni-berlin.de news.admin.net-abuse.email:2023159 In article , rule3@LinxNet.com (Jim Seymour) wrote: > > (Side note to the gentle readers of NANAE: It's almost a shame that, > should SPEWS notice this guys rantings, and observe that, indeed, the > listing is in error, they'll remove it. He appears to be in S504 - ------------------------------------------------------ Pope/Lafferty/Lusky |-------------------- 1, 66.114.199.80, Andy Pope / Gary Lafferty / micro911.net 1, 66.114.199.83, Andy Pope / Gary Lafferty / hpclv.com 1, 66.114.199.102, Andy Pope / Gary Lafferty / net-email.net 1, 66.114.199.103, Andy Pope / Gary Lafferty / web-advs.net 1, 66.114.199.0 - 66.114.199.255, Andy Pope / Gary Lafferty / hpclv.com (FOCAL.COM) (dead? - if so, still swiped) 2, 66.114.194.0 - 66.114.204.255, Andy Pope / Gary Lafferty / hpclv.com (FOCAL.COM) ---------------------| Chronic spammers Andy Pope, Gary Lafferty. List at Level 1 on sight. -------------------------------------------------------- Which I infer from: Name: fish5.com Address: 66.114.204.34 While none of the domains indicated there still resolve to the indicated IPs in the listing, this still does: Name: NS1.HPCLV.COM Address: 66.114.199.82 Focal Communications FOCC-SPRBLK-3 (NET-66-114-192-0-1) 66.114.192.0 - 66.114.255.255 Gary Company FOCC-ISNLLC-DET-1 (NET-66-114-199-0-1) 66.114.199.0 - 66.114.199.255 OrgName: Gary Company OrgID: GARYCO-2 Address: 24629 Southfield Rd City: Southfield StateProv: MI PostalCode: 48034 Country: US NetRange: 66.114.199.0 - 66.114.199.255 CIDR: 66.114.199.0/24 NetName: FOCC-ISNLLC-DET-1 NetHandle: NET-66-114-199-0-1 Parent: NET-66-114-192-0-1 NetType: Reassigned NameServer: NS1.FOCALDATA.NET NameServer: NS2.FOCALDATA.NET Comment: RegDate: 2001-06-19 Updated: 2001-10-29 TechHandle: GW450-ARIN TechName: Winters, Gary TechPhone: +1-734-462-1212 TechEmail: gary466@hotmail.com If Gary Winters = Gary Lafferty then fish5.com is toast until focal turfs him. (To our fish5.com friend - work on focal to toss this spammer and get the arin record cleared. If they do, you'll likely see your SPEWS listing go away very quickly.) === No comments, just read that! === Path: uni-berlin.de!fu-berlin.de!peer01.cox.net!cox.net!cyclone1.gnilink.net !spamkiller.gnilink.net!nwrddc01.gnilink.net.POSTED!05c4ec6b!not-for-mail From: Kevin Wayne Williams User-Agent: Mozilla/5.0 (Windows; U; Win 9x 4.90; en-US; rv:1.4a) Gecko/20030401 X-Accept-Language: ja,en MIME-Version: 1.0 Newsgroups: news.admin.net-abuse.email Subject: Re: The Problem with SPEWS References: <24a08bda.0307090704.74f1ac9@posting.google.com> <1FXOa.4139$78.1187@nwrdny03.gnilink.net> In-Reply-To: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Lines: 38 Message-ID: Date: Wed, 09 Jul 2003 18:24:17 GMT NNTP-Posting-Host: 65.234.195.194 X-Complaints-To: abuse@verizon.net X-Trace: nwrddc01.gnilink.net 1057775057 65.234.195.194 (Wed, 09 Jul 2003 14:24:17 EDT) NNTP-Posting-Date: Wed, 09 Jul 2003 14:24:17 EDT Xref: uni-berlin.de news.admin.net-abuse.email:2023124 Morely 'spam is theft' Dotes wrote: > Mark Roberts wrote in news:1FXOa.4139$78.1187 > @nwrdny03.gnilink.net: > > >>fish5corp@yahoo.com (seeZmyZsig@forZmyZemail) wrote: >> >> >>>I had some network admins warning me that they were now blocking our >>>IP's, however none were "man" enough to identify themselves and their >>>organization. >> >>Paging Mr. Dotes... > > > I seem to recall that I stated my "name,"position, and the name of the > company, SpamBlocked.com Ahh, but he blocks even more than you do, and he uses high-tech IP address to do it. And they are better then using letters, you know. KWW ---From safeplace.net -------- Why is safeplace.net filtered access better? Again, X-STOP is the answer. Aside being the most effective in finding inappropriate sites with MudCrawler, X-STOP provides the most efficient method of blocking called Direct Access Blocking (DAB). DAB doesn't waste valuable resources and time translating letters to determine if a site is on the list of blocked URL's, but rather utilizes numbers. Each web site has an associated numeric address know as an IP address similar to the numeric part of a street address. The difference is that the IP address for each site is globally unique. By comparing numbers rather than characters DAB is thousands of times faster the other filtering systems. There are only 10 digits but 255 characters. ---End safeplace.net excerpt