Wednesday, April 07, 2010

Spamhaus sucks

Spamhaus sucks !!

It's supposed to be some kind of "web services to prevent spam" but they are unresponsive, offer no email contacts/support to get your name off the list, and have now implemented something they call PBL for all dynamic IP address internet users. So some emails I now send out are bouncing with the reply

"74.73.224.0/19 is listed on the Policy Block List (PBL)"

e.g. for being a dynamic IP address. - No shit, Sherlock.

So whilst Spamhaus is not "blocking spam" they are now suggesting that all email from all Time Warner dynamic IP address customers be blocked by default. This isn't emails that are being sent from a mail server to the internet via DNS directly but emails sent from my home office SBS 2003 Exchange server to Time Warner's SMTP then on to the recipient's server the way it always has.

So if you are a sys admin and you turned this PBL feature on you won't be getting any email from me (or the other 400,000 Time Warner users).

Spamhaus sucks !!


Cheers,
Dean

22 comments:

  1. Interesting, I never thought about it that way. I guess Time Warner is at fault here for providing that info, so basically you are saying if I signed up for a business class IP address this issue wouldn't happen?

  2. You should have no problems if you post thru your own ISP's SMTP mail server.

  3. Nope, I'm sending them through Time Warner's SMTP, it's been working fine for the last 4 years, Spamhaus has just turned on this PBL thing and this is now causing problems.

  4. There seems to be a misunderstanding here.

    Spamhaus doesn't block *anything*, they simply don't have the power.

    Mail server operators choose what to block, and how to do so. As a mail server operator, I choose to use various services (including a couple of Spamhaus' services) because they're extremely effective.

    If you're actually delivering through your ISP's mail server then either your ISP needs to get their server delisted, or the recipient has their server configured to do "deep header scanning" or similar against the PBL, which is a serious misconfiguration.

    It's quite likely that the recipient is using deep header scanning here since Time Warner's outbound mail exchangers don't seem to be listed. If this is the case, there is likely nothing Time Warner or Spamhaus can do about it, only the recipient can fix their own server.

  5. @Dave - Spamhaus don't block - true BUT they 'advise' other people to block. By default that's the same thing.

    Re getting Time Warner to delist their servers.... I'm no expert but read up on PBL.

    My limited understanding of PBL is that Time Warner accept the email via their SMTP server, then forward it on, BUT they tell Spamhaus this is coming from a dynamic IP address.

    Spamhaus are now advising with their PBL service that all sys admins 'Block' dynamic IP addresses.

    There isn't any deep header scanning, it's just tagged as being dynamic IP address sourced so don't deliver.

    I may be missing something and if someone using Time Warner knows how I can get my home office SBS 2003 server off the PBL list I'm open to suggestions.

  6. Dean -

    The Time-Warner SMTP server in New York is at smtp-server.nyc.rr.com at 75.180.132.33. If you're really sending your email through that, then blocking of 74.73.224.0/19 obviously isn't going to stop your email.

    Either you're misconfigured, or your recipient is misusing the PBL.

  7. >or your recipient is misusing the PBL.

    Like I said my mail has always gone to smtp-server.nyc.rr.com

    It's not just one email server that is misconfigured, I had 5 emails from different recipients around the world all start bouncing my emails last week.

  8. OK, I'm game, and from your comments on nanae you seem to be sane. :) Let's diagnose.

    I assume you're using Outlook. Tools/Options/Mail Setup/Email Accounts should show your Outgoing Mail Server (SMTP) as smtp-server.nyc.rr.com.

    If that's correct, then More Settings/Advanced should have as a port setting Outgoing Server (SMTP) of 587, and the 'this server requires an encrypted connection (SSL)' box checked.

    Are both of those true?

    See, what might have happened is that some large provider might have started using the PBL last week. The PBL has been around for a good long while, and it's a very sane block list, because it's the ISP themselves saying that mail shouldn't be coming out of these ranges. It's your ISP making this choice, and publishing this information.

    Look at it from my perspective. Time-Warner says email shouldn't be coming out of this block. I see email coming out of this block. My assumption is that it must be a bot or a virus. The number of cable/DSL boxes p0wned by a bot is so high, it's probably a good assumption.

  9. @Tim, no, as I said many times already, I run my own SBS2003 server at home.

    So my desktop/laptop/other mobile clients connect to this SBS2003 server/Exchange and then THIS delivers the mail to smtp-server.nyc.rr.com

    My issue is that Spamhaus automatically assume home cable/DSL boxes are going to be sending spam, but I could make a phone call tomorrow to Time Warner and pay $100 a month extra for a dedicated IP address and with the same setup not be affected by PBL.

    PBL is a farce.

    It's a fake step at stamping out spam.

    Time Warner shouldn't be handing out the details of my IP address to Spamhaus and this is what I have an issue with.

  10. Spamhaus is reporting that your IP address is a dynamic (or other generic end-user) address. That's the truth, isn't it? Do you have an objection to them telling the truth?

    If somebody doesn't want mail from such addresses, that's his policy. Do you claim that your desires should outweigh the policies of the owner of the equipment in question?

    If they're blocking all mail with a PBL address in any Received header, they're going to block a whole lot of mail they shouldn't be. You'd be doing them a favor if you let them know about that.

    Since I haven't seen mail from you, I don't know if you're trying to send directly or not.

  11. Seth, my issue is that, apart from a fixed IP address costing me $100 more a month, I wouldn't have to change a single other thing in order to get around PBL.

    It's not protection or stamping out spam, it's just a hostage situation from Spamhaus.

  12. There's a very serious misunderstanding here.

    TW has announced (via Spamhaus PBL) that /19 as a block that should not be sending email DIRECTLY to the Internet, they should be sending their email via TW mail servers.

    The PBL is supposed to be used by the recipient mail server ONLY on the IP address of the machine that connects to it. Not previous IPs. This is part of the Spamhaus usage instructions. Secondly, an ISP should not be using the PBL on their own user space, especially if they've listed it _themselves_ - that would be idiotic.

    [Note: some ISPs will insist that internal submissions are authenticated. If your mail server isn't authenticating to TW, then TW may be applying the PBL. Which is not an unusual practise. You should make sure your server IS authenticating to TW.]

    Since your email is going first to a TW mail server, then, no server _other_ than that will see your IP connect directly to it.

    If your email is being blocked by a PBL listing, then, either:

    a) you're sending email directly (but you seem not to be), or

    b) The receiving mail server (after TW) is using the PBL improperly and blocking you, or

    c) TW is using the PBL incorrectly (or you're not authenticating per their instructions) and blocking your direct connections.

    None of which is Spamhaus's fault.

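
The distinction drawn in comment 12, between testing only the connecting IP and "deep header scanning" of earlier hops, shown as an added example that is not part of the original thread. It runs offline: the list is a constructed stand-in holding only the range from the bounce message, the zone name appears only to show the query-name format, and the `.example` hosts and 74.73.230.10 are made up.

```python
import email
import ipaddress
import re

# Constructed stand-in for the PBL: only the range quoted in the bounce above.
LISTED_RANGES = [ipaddress.ip_network("74.73.224.0/19")]

# Constructed message as the recipient's server would see it. The relay host
# and its address are the ones quoted in comment 6; 74.73.230.10 and the
# .example names are invented for illustration.
SAMPLE_MESSAGE = (
    "Received: from smtp-server.nyc.rr.com ([75.180.132.33])\n"
    "\tby mx.recipient.example; Wed, 7 Apr 2010 10:00:02 -0400\n"
    "Received: from sbs2003.home.example ([74.73.230.10])\n"
    "\tby smtp-server.nyc.rr.com; Wed, 7 Apr 2010 10:00:00 -0400\n"
    "Subject: quarterly numbers\n"
    "\n"
    "body\n"
)

def dnsbl_query_name(ip, zone="pbl.spamhaus.org"):
    """DNS name a receiver looks up for an IPv4 address: reversed octets + zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def is_listed(ip):
    """Offline substitute for the DNS lookup against the list."""
    return any(ipaddress.ip_address(ip) in net for net in LISTED_RANGES)

def received_ips(raw_message):
    """Bracketed IPv4 literals from all Received: headers, newest hop first."""
    msg = email.message_from_string(raw_message)
    ips = []
    for header in msg.get_all("Received", []):
        ips += re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", header)
    return ips

def reject_connecting_ip_only(connecting_ip, raw_message):
    """Intended use: test only the host that opened the SMTP connection."""
    return is_listed(connecting_ip)

def reject_deep_header_scan(connecting_ip, raw_message):
    """Misuse: also test every earlier hop named in Received: headers."""
    return is_listed(connecting_ip) or any(map(is_listed, received_ips(raw_message)))
```

With the relay at 75.180.132.33 as the connecting host, the first policy accepts the sample message and the second rejects it because of the originating hop; a direct connection from 74.73.230.10 is rejected by both.
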
  13. I've said this before and this will be the last post on the matter
    (either in or out, so please, whilst thanks for all the comments, there is nothing else to discuss here).

    @Clewis,
    Yes, I am sending mail to TW.
    No, they are not blocking it but the end recipient is.

    My issue with Spamhaus is, if all I need to do is spend $100 a month more for a fixed IP address, then what they are doing isn't spam prevention.

    PBL is a farce and should be shut down.

    It's NOT spam prevention but a ransom demand to anyone running an email server on a dynamic IP address.

  14. You misunderstand the purpose of the PBL. The PBL is intended to stop spambots (infections) spamming directly - few if any spambots send via their corresponding ISP mail servers, because most ISPs rate-limit.

    Spambots are 80%+ of all spam, and the PBL does an extremely good job of stopping most of that.

    Secondly, since a spambot operator doesn't own your TW account, it'd be kinda hard to make _your_ IP static, wouldn't it?

    Besides, they have tens of thousands of infections to spam from. Why throw away money they don't need to?

    Both static and dynamic spambots usually get caught by Spamhaus' XBL (via CBL) list. So, that $100 wouldn't make a spambot immune from being caught by Spamhaus.

    Now if you were a spammer and paid your $100 for a static IP, if you tried to run it thru TW's mail server, their rate limiters would probably catch you.

    If you spammed direct, then Spamhaus' SBL list (or some other list) would probably eventually catch the IP. Then TW would probably zap your account.

    You see then, PBL catches one class of spam. XBL catches other classes. SBL catches yet more.

    None of the three does everything by themselves. But together, they're one of the most effective spam stopping mechanisms there is.

    Which is why they're bundled in Zen, so you get all three at once.

  15. lol, seeing you went to that much effort to write the comment I posted it - but I'm done.

  16. I've just implemented a reciprocity rule for my home-grown server. It checks whether a remote server would block the reply, and if it would, it does 550 571.

  17. Spamhaus is putting loads of DYNAMIC IPs on their lists, what's the fucking point of that? *One* zombie computer will "poison" at least 1 IP/day in the ISPs IP block and every day a non-zombie computer inherits that IP leaving a user who doesn't know what he did wrong that he got banned from IRC.

    Then they put loads of e.g. mail- cloud- whatnot-server IPs on the list, making personal and corporate emails fail for no goddamn reason except some jerks amongst thousands abused the IP for one day.

    This is not even remotely effective against the spam either, at the time the IP was added to the list, the spammers have changed it twice and the reported IP is "clean" again. So spamhaus is nothing but an "organization" to cater revenge-fantasies of dumb admins.

  18. I'm in this same situation, not wanting to fork over an extra $100. So did you find a way around it yet?

  19. Nope, never found a solution. Spamhaus must have changed their policies about Time Warner IP addresses, as I kept calling Time Warner level 3 support to register a complaint every time one of my emails was blocked, as well as sending an email from a Gmail account to the sys admin of the recipient's email (if the end user knew who that was) with a link to this blog post and an explanation of what PBL was.

    I haven't heard of anyone not receiving my emails in a while so maybe Spamhaus turned off PBL, it was a shit idea in the first place, or maybe they just approved Smtp-NYC.RR.com onto their white lists.


  20. Spamhaus.org, which claims to be a non-profit organization, in fact is not.
    Recently Russian government declared spamhaus as ille
    This is a Russian link but you can use Google translator
    http://habrahabr.ru/post/171223/

    Must read this too
    http://en.wikipedia.org/wiki/The_Spamhaus_Project#Register_of_Known_Spam_Operations
    http://translate.google.com/translate?hl=en&sl=ru&tl=en&u=http%3A%2F%2Fwww.stopspamhaus.org%2F
    http://www.complaintsboard.com/complaints/spamhaus-london-england-south-yorkshire-c112627.html
    Also google about its founder Steve Linford who has a shady past.
    Spamhaus founder has formed multiple companies to sell services like BGP feed etc. and all the funds are routed to their offshore accounts in Seychelles and Monte Carlo where Steve Linford lives.

    After reading all this do you think spamhaus is a legal and ethical organization ?

  21. I'm not some big techie, but each time I get email refused the Spamhaus name features prominently, they have poor communication, I despise them and would like to see them prosecuted for their interference in my mailing. I should be able to email my daughter back after she emails me. I use mail.com and they are using this Spamhaus gang of monkeys trying to hump a football. I am not impressed, they don't have any right to interject themselves into my correspondence.

  22. Spamhaus have been blocking some companies from receiving my emails for about 6 years now. I often resort to phoning these companies, which can be a very expensive procedure if they are located overseas. I believe many companies must be losing a great deal of business due to the blocking of legitimate email traffic. Many people who receive a returned email that accuses them of spamming will see this as an insult. Many customers must say "Oh well, they are too difficult and obviously do not need my business". They will go elsewhere.

    I have tried to have my IP address unblocked, but Spamhaus simply reinstates my IP address. I am destined to be labelled a notorious Spambot by Spamhaus forever it seems!!

    I once emailed Spamhaus and actually got a reply from a human being, who, in a rather overbearing and authoritative tone, instructed me that it was my Server's fault for not using the correct protocols. So I contacted my ISP provider and they replied that as far as they are concerned they do use all of the correct protocols. They also asked "Who are Spamhaus and what right have they to tell us what protocols we should be using? And why are their protocols the correct ones?"

    Spamhaus have an online form where you can request to be unblocked, but the form does not work. It appears to be designed merely to frustrate and intimidate. After filling out the form and clicking enter, you receive the following auto-generated email from Spamhaus:

    "... you can now activate your request by entering the code 'xxxxx' at the Spamhaus PBL Removals page or by clicking on the following link:

    http://www.spamhaus.org/pbl/removal/verify/xxxxxxx_xxxxx"

    So you click on the link only to receive the following onscreen message.

    "Policy Block List

    Failed

    The IP address removal process failed for the following reason:

    Tokens do not match

    For assistance with removing your IP address from the PBL database please take a moment to read the Frequently Asked Questions (PBL FAQs)."

    Surprise, surprise!! The FAQs page leads you back to the same form and you continue on the same loop to failure forever.

    It appears Spamhaus treat the general public as little more than lowly Mongol peasants who must bow, grovel and scrape before them, the all-powerful and all-knowing Emperors. But really, who put them in charge anyway? The answer, nobody but them. The internet does not need these cyber bullies and dictators and would be a much better place without them.
