Re: [anti-abuse-wg] Hold time for abused address space - DNSChanger IP's reallocated
We've ended up with IP space that had a "reputation" in the past It's quite annoying to discover that you IP block, or a part of it, is blacklisted before you even get a chance to use it .. Though I wonder is the overall scarcity of IPv4 space going to mean that IP blocks will end up being reassigned more quickly as there's fewer and fewer .. Mr Michele Neylon Blacknight Solutions ♞ Hosting & Colocation, Brand Protection ICANN Accredited Registrar http://www.blacknight.co http://blog.blacknight.com/ http://blacknight.cat http://mneylon.tel Intl. +353 (0) 59 9183072 US: 213-233-1612 Locall: 1850 929 929 Direct Dial: +353 (0)59 9183090 Facebook: http://fb.me/blacknight Twitter: http://twitter.com/mneylon ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845
Blacklisted space is really quite different though, isn't it? There is a big difference between the new address holder's email being rejected somewhere because of an RBL and the new address holder being able to amass a list of infected/vulnerable users based on traffic they are passively receiving, just by routing the prefix. In the RBL case you know who you are trying to send mail to and you may know what blacklist is being used - the new address block holder has tools to help resolve their problem. These infected users don't know they are sending this traffic, they don't know who its going to, be it the original bad guys or some new guys. The new org that has the netblock can't do anything to stop this traffic from coming, which means they'll have to pay for it in bandwidth consumption, resources on the host when they put the IP's into service, and resources to filter. (Not every IP in the netblock is getting DNSChanger traffic) I fully get that receiving unwanted traffic is just part of being on the internet - but I think the volume and type of traffic that DNSChanger IP's are getting, and what it reveals, is something quite different than what we've seen in the past, for both the resource holder and the infected users. Yes, the scarcity of v4 space WILL mean that IP blocks will be assigned more quickly. ARIN has said as much in a public statement that outlines their plans for depletion. I don't know what RIPE's policy had been - or if it had always been 6 weeks. --Heather On Wed, Aug 15, 2012 at 9:47 AM, "Michele Neylon :: Blacknight" <michele@blacknight.ie> wrote:
We've ended up with IP space that had a "reputation" in the past
It's quite annoying to discover that you IP block, or a part of it, is blacklisted before you even get a chance to use it ..
Though I wonder is the overall scarcity of IPv4 space going to mean that IP blocks will end up being reassigned more quickly as there's fewer and fewer ..
Mr Michele Neylon Blacknight Solutions ♞ Hosting & Colocation, Brand Protection ICANN Accredited Registrar http://www.blacknight.co http://blog.blacknight.com/ http://blacknight.cat http://mneylon.tel Intl. +353 (0) 59 9183072 US: 213-233-1612 Locall: 1850 929 929 Direct Dial: +353 (0)59 9183090 Facebook: http://fb.me/blacknight Twitter: http://twitter.com/mneylon ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845
We've ended up with IP space that had a "reputation" in the past
Many of the "blacklist" operators are unreliable when correcting errors/outdated info in their system. The reports I get from people are that blacklist operators are often arrogant and accusatory and they often disregard explanations because they think they know better. Often these operators have anointed themselves as some type of authority but they rarely have any legal training and they often disregard other policies (such as privacy policies) because they think their issues trumps everything else. These types often think their technical knowledge gives some some type of elevated status and they accuse everyone else of being spammers, too stupid to be on the Internet, and demand everyone follow their rules, etc.
In my experience, lists managed through those principles tend to fall out of use relatively quickly and are therefore rather inconsequential for mail delivery. Best regards -lem "lists@help.org" <lists@help.org> wrote:
We've ended up with IP space that had a "reputation" in the past
Many of the "blacklist" operators are unreliable when correcting errors/outdated info in their system. The reports I get from people are that blacklist operators are often arrogant and accusatory and they
often disregard explanations because they think they know better. Often these operators have anointed themselves as some type of authority but they rarely have any legal training and they often disregard other policies (such as privacy policies) because they think their issues trumps everything else. These types often think their technical knowledge gives some some type of elevated status and they accuse everyone else of being spammers, too stupid to be on the Internet, and demand everyone follow their rules, etc.
On 8/15/2012 11:55 AM, Luis Muñoz wrote:
In my experience, lists managed through those principles tend to fall out of use relatively quickly and are therefore rather inconsequential for mail delivery.
That is not my experience. For instance, you can readily find complaints about Microsoft and Cisco as well as some of the contributors to this list. This is the norm and any place that does a good job is the exception. it is interesting how people heavily involved in "abuse" respond the way you have responded yet when you ask small businesses or non-technical experts who have been subject to false alarms respond in a completely different manner. This is because the people heavily involved in abuse are often out of touch with the rest of the world and only circulate amoong a small group of systems administrators. One guy told me I could not have known what I was talking about because he had never met me at one one of the conferences he goes to. Another very well known ant-spammer who acts as an expert witness never heard of the CISSP certification and claimed it was some kind of worthless certification. This is the same guy who says ISP's should be scanning everyone's email but when it is pointed out this violates the privacy policies he never answers. Then these types often go around calling everyone else "clueless."
-----Original Message----- From: anti-abuse-wg-bounces@ripe.net [mailto:anti-abuse-wg- bounces@ripe.net] On Behalf Of lists@help.org Sent: Wednesday, August 15, 2012 8:01 PM To: <anti-abuse-wg@ripe.net>
On 8/15/2012 11:55 AM, Luis Muñoz wrote:
In my experience, lists managed through those principles tend to fall out of use relatively quickly and are therefore rather inconsequential for mail delivery.
That is not my experience. For instance, you can readily find complaints about Microsoft and Cisco as well as some of the contributors to this list.
One can probably 'find complaints' about whichever matter in existence. Highly useful and widely used DNSBLs tend to draw particularly large amounts of irate complaints from people whose resources have been listed. The bottom line is that mail server administrators use such DNSBLs as have proven to be valuable. If a list causes excessive false positives, e.g. due to bad management, dropping it is a simple matter of adding a comment delimiter to a configuration file.
people heavily involved in abuse are often out of touch with the rest of the world
Thank you for your incessant efforts in pointing this out. -- Thor Kottelin http://www.anta.net/
Thor, On Wednesday, 2012-08-15 20:43:03 +0300, "Thor Kottelin" <thor.kottelin@turvasana.com> wrote:
-----Original Message----- From: anti-abuse-wg-bounces@ripe.net [mailto:anti-abuse-wg- bounces@ripe.net] On Behalf Of lists@help.org Sent: Wednesday, August 15, 2012 8:01 PM To: <anti-abuse-wg@ripe.net>
On 8/15/2012 11:55 AM, Luis Muñoz wrote:
In my experience, lists managed through those principles tend to fall out of use relatively quickly and are therefore rather inconsequential for mail delivery.
That is not my experience. For instance, you can readily find complaints about Microsoft and Cisco as well as some of the contributors to this list.
One can probably 'find complaints' about whichever matter in existence. Highly useful and widely used DNSBLs tend to draw particularly large amounts of irate complaints from people whose resources have been listed.
"The plural of anecdote is not data."(*) I find this particular bit of the exchange interesting. I wonder if there are metrics - preferably open and peer-reviewed metrics - for the quality of black list or other abuse reporting sites? This seems like it could be useful, and not only for arguments on the anti-abuse mailing list. :) -- Shane (*) I was going to attribute this, but it's not clear where this originated from: http://bearcastle.com/blog/?p=408
On Wednesday 15 August 2012 17.46, lists@help.org wrote:
We've ended up with IP space that had a "reputation" in the past
Many of the "blacklist" operators are unreliable when correcting errors/outdated info in their system. The reports I get from people are that blacklist operators are often arrogant and accusatory and they often disregard explanations because they think they know better. Often these operators have anointed themselves as some type of authority but they rarely have any legal training and they often disregard other policies (such as privacy policies) because they think their issues trumps everything else. These types often think their technical knowledge gives some some type of elevated status and they accuse everyone else of being spammers, too stupid to be on the Internet, and demand everyone follow their rules, etc.
This sounds that a biased opinion to me ... Blacklists exists for a reason, the reason is that spam has been neglected for so long and so little has benn done by those that _should_ take action. This very group is a good example, once created to fight spam, but when very little got effected the list was renamed to anti-abuse. Today it deals mostly with whois-enhancements. Sorry, but this is my personal experience. When nothing else works, blocking a range is what remains. Yes, blocking could be made better, for example some feedback from registries when a block has been reallocated might be of value. This info could be announced in by RIPE et.al. so blocklist operators may pick up this info.
-- Peter Håkanson There's never money to do it right, but always money to do it again ... and again ... and again ... and again. ( Det är billigare att göra rätt. Det är dyrt att laga fel. )
Hi everybody,
When nothing else works, blocking a range is what remains. Yes, blocking could be made better, for example some feedback from registries when a block has been reallocated might be of value. This info could be announced in by RIPE et.al. so blocklist operators may pick up this info.
This is a great idea and an option that has been discussed at other institutions already. I will put this on my list for future discussion and I bet this would really help a lot if blacklists are willed to use the offered information. Thanks, Tobias -- AA-WG Co-Chair
We've kind of veered away from the topic/questions I had about reallocating actively abused address space.. but.. I thought it was odd that I could not find a registration date in the RIPE db - at the time I thought I just couldn't find it, maybe it's not actually published? In the ARIN region both registration date and last updated on, are provided - something similar might be helpful? ARIN example: NetRange 63.72.0.0 - 63.72.3.255 CIDR 63.72.0.0/22 Name UU-63-72 Handle NET-63-72-0-0-1 Parent UUNET63 (NET-63-64-0-0-1) Net Type Reassigned Origin AS Customer Disney Regional Entertainment (C00576500) Registration Date 1999-06-02 Last Updated 2003-05-30 --Heather On Wed, Aug 15, 2012 at 3:42 PM, Tobias Knecht <tk@abusix.com> wrote:
Hi everybody,
When nothing else works, blocking a range is what remains. Yes, blocking could be made better, for example some feedback from registries when a block has been reallocated might be of value. This info could be announced in by RIPE et.al. so blocklist operators may pick up this info.
This is a great idea and an option that has been discussed at other institutions already. I will put this on my list for future discussion and I bet this would really help a lot if blacklists are willed to use the offered information.
Thanks,
Tobias
-- AA-WG Co-Chair
Heather, Heather Schiller wrote the following on 15/08/2012 20:51:
We've kind of veered away from the topic/questions I had about reallocating actively abused address space.. but..
Yes indeed. However I'm not sure this is exactly the best place to discuss that matter. Space can be reclaimed and reallocated for a variety of reasons and while space that has been used for abusive behaviour may well require careful handling, I do not believe policies should be based on a subset of cases. Also, please see previous conversations about definition of "abuse" sadly. I think there may well be questions to ask around the reallocation of the space and the speed at which it was done, however I think those questions may be better asked in the NCC Services WG than here. Brian, Co-Chair, Anti-Abuse Working Group
Also, please see previous conversations about definition of "abuse" sadly.
The definitions and purpose of this list should be explained when someone signs up for this list.
The definitions and purpose of this list should be explained when someone signs up for this list.
You'll have to forgive us Mr. Lists, the internet is hard: http://www.ripe.net/ripe/groups/wg/anti-abuse --adam
Tobias Knecht wrote:
Hi everybody,
Hi, as a blocklist operator, we simply drop every record for an allocation, if the abuse email address changes. Its kind of fuzzy, but works, new records will appear quick enough from an allocation, if its still the same abuser, only with a new abuse email address. And no records will appear, if its a real re-allocation hardly used so far. Other operators might use other fields, but the method is the same, keep track of the fields you are interested in and drop your records, reputation history or spam count or whatever for this allocation, if it changes. You dont even have to store the real information, you can simply store a hash value :o) Kind regards, Frank
When nothing else works, blocking a range is what remains. Yes, blocking could be made better, for example some feedback from registries when a block has been reallocated might be of value. This info could be announced in by RIPE et.al. so blocklist operators may pick up this info.
This is a great idea and an option that has been discussed at other institutions already. I will put this on my list for future discussion and I bet this would really help a lot if blacklists are willed to use the offered information.
Thanks,
Tobias
-- Mit freundlichen Gruessen, -- PHADE Software - PowerWeb http://www.powerweb.de Inh. Dipl.-Inform. Frank Gadegast mailto:frank@powerweb.de Schinkelstrasse 17 fon: +49 33200 52920 14558 Nuthetal OT Rehbruecke, Germany fax: +49 33200 52921 ======================================================================
if its still the same abuser
This is why many of the blacklists are all screwed up. There is no standards and people are are put into 2 classes, abusers, and non-abusers. If you ask 100 people to define abuser you get 100 different answers. If you ask a blacklist operator to define the term they will either ignore you or scoff at you. Then they will give a childish argument that networks are private property and they can block what they want that disregards the actual issues that operators normally have contracts with their users and labeling people as "abusers" with no real definition can lead to legal liabilities. Of course anyone who brings up these issues is labeled a spammer which is why these issues never get corrected and why most blacklists are not legitimately operated. A blacklist operator should have standards for putting people on the list, as well as an appeal and review process.
I am aware of this but it simply uses another unidentified term "spam." Using one undefined term to define another undefined term is not a standard. As an official spokesperson for a major security company you should know that. This is why most of these abuse groups look like they are run out of someone's Mother's basement. I think some people posting large signatures for a 3-word reply is spam so should they be blacklisted because I have that opinion? Should they be labeled an "abuser" or "spammer" or some other undefined term?
-----Original Message----- From: anti-abuse-wg-bounces@ripe.net [mailto:anti-abuse-wg- bounces@ripe.net] On Behalf Of lists@help.org Sent: Thursday, August 16, 2012 8:24 PM To: anti-abuse-wg@ripe.net
I am aware of this but it simply uses another unidentified term "spam." Using one undefined term to define another undefined term is not a standard.
Email spam is universally defined as unsolicited bulk email. It must be extremely rare for someone to join an anti-abuse *working* group without knowing basic concepts such as this one.
I think some people posting large signatures for a 3-word reply is spam so should they be blacklisted because I have that opinion?
Yes, I think you should publish a DNSBL consisting of IP addresses from which people have sent email messages that contain signatures. That would help you realise that a DNSBL only becomes relevant if server administrators find it useful and that generalisations such as 'blacklist operators are $this-and-that' are gratuitous. -- Thor Kottelin http://www.anta.net/
Email spam is universally defined as unsolicited bulk email.
You need a definition that can withstand a court challenge. Grouping vague, undefined terms does not do the trick. If I post my e-mail address in a whois database or post it on a web site am I soliciting e-mail? How many is "bulk"? So if I send you, and only you, an ad after I collect your address from this list it is not "spam" because I did not send it in bulk? When you get a single message, using your definition, you can't tell if it is spam because you don't know if it was sent in "bulk" (whatever that means). Even if you see similar reports from many different sources if they came from different IP's you still can't tell if it was spam because if different people sent the messages it may not qualify as "bulk." I don't know anyone that actually uses such a standard, in practice, to define "spam."
On Thursday 16 August 2012 22.07, lists@help.org wrote:
Email spam is universally defined as unsolicited bulk email.
You need a definition that can withstand a court challenge. Grouping vague, undefined terms does not do the trick. If I post my e-mail address in a whois database or post it on a web site am I soliciting e-mail? How many is "bulk"? So if I send you, and only you, an ad after I collect your address from this list it is not "spam" because I did not send it in bulk? When you get a single message, using your definition, you can't tell if it is spam because you don't know if it was sent in "bulk" (whatever that means). Even if you see similar reports from many different sources if they came from different IP's you still can't tell if it was spam because if different people sent the messages it may not qualify as "bulk." I don't know anyone that actually uses such a standard, in practice, to define "spam."
One advetsiment sent without my explicit demand is by definition spam. There is no greyzone!
-- Peter Håkanson There's never money to do it right, but always money to do it again ... and again ... and again ... and again. ( Det är billigare att göra rätt. Det är dyrt att laga fel. )
Dear $PERSON, On Thursday, 2012-08-16 16:07:02 -0400, "lists@help.org" <lists@help.org> wrote:
Email spam is universally defined as unsolicited bulk email.
You need a definition that can withstand a court challenge.
Why? -- Shane
If I ran a blacklist and said I am posting a list of people who post to mailing lists with signatures that were greater than 6 lines then I don't see that as a problem. If I ran the same list and just claimed those people on the list were "spammers" or "internet abusers" without explaining that they posted a sig with more than 6 lines and I personally defined that as "abuse" then that is a poorly run list. For instance, http://www.spamhaus.org/consumer/definition/ is not a usable definition to be a standard because it is just a collection of vague, undefined terms. Of course all others who are not system admins, including all courts and judges, are all "clueless" and all legal threats are unfounded and anyone who brings up the issue must be spammer.
On Aug 16, 2012, at 4:32 PM, lists@help.org wrote:
If I ran the same list and just claimed those people on the list were "spammers" or "internet abusers" without explaining that they posted a sig with more than 6 lines and I personally defined that as "abuse" then that is a poorly run list.
Well, they would be spammers or abusers according to your definition. As long as the contents of your list were consistent with whatever you define, then the list would be "well maintained". That list would be expressing *your* opinion. If you ask most people on this list whether they agree with the implicit definition of spam you used for this hypothetical list, I'm fairly certain most would disagree. Now, mail system administrators would also have to agree with your definition (or at least, consider your list as a useful resource) in order to add it to their own filtering systems. Until that happens, a listing in your list has no consequence for the mail flow. And mail system administrators' opinions will be heavily biased with the customers they serve. If an admin deploys a list that blocks legitimate spam (or that does not block enough of it) customers will complain and eventually leave. This is evolution at work.
For instance,http://www.spamhaus.org/consumer/definition/ is not a usable definition to be a standard because it is just a collection of vague, undefined terms.
Yet that definition is good enough to be used by the community at large, so I would call it a de facto standard. Chances are this message will have to pass through a bunch of mail filters whose inputs are based on that precise definition. Best regards -lem
Yet that definition is good enough to be used by the community at large,
What I am saying is that definition is not really used in practice. A recent e-mail was sent to this list that contained a different charter set which i think most people would define as "spam", Unwanted e-mail, etc. However, I have no knowledge that it was sent in "bulk" and because it had an alternate charter set I don't even know if it was a solicitation. The message does not fit the definition yet I would define it as "spam". once you look at filtering algorithms you can see how tricky it is and no spam filters works 100% correctly and the parameters change all the time based on conditions. If you start accusing people of something without having a clear definition of what they did then you are running into trouble. Think of credit reporting agencies and all the associated problems if such a database is not run correctly. they don't say "this is a list of deadbeats" they say something like "This person is delinquent on their electric bill by 90 days." If the person pays the electric bill then they are removed from the list. If you just say "the person is a deadbeat" then there is no clear definition of what the person did to get on the list and the person does not know what to do to get off the list. This is how most blacklists are run now. Comcast is a good example. once when they incorrectly blocked ports on my connection. When I asked them why they told me they were not to tell me the reason ... but they added if I did it gain I would be permanently blocked! These are the kind of crazy statements you get from some blacklist operators who think their security issues trump every other issue in the world.
I dug out an e-mail someone sent me after dealing with Cisco's Senderbase.org reputation site: "We are having the same problem with Senderbase. Their information is inaccurate and they will not tell us why we don't have a good rating. We are not on any blacklists, send 150,000 emails per day and have had the same IP addresses for seven years. They do respond but in an arrogant, rude, and accusatory manner." (Senderbase.org claims they are a credit reporting agency for IP addresses. ) Many abuse people operating these blacklists think that once they detect something they "know" the person is an "abuser" and, therefore, they have no rights and any of their objections should be disregarded. Either that or the person is regarded as "clueless" and any related legal threat is a "cartooney."
lists@help.org wrote:
Hello Mr. Lists, well, you kind of forgot the discussion about this topic you started a while ago ... its all in the archives. first, this list changed its name from anti-spam-wg to anti-abuse-wg, guess why ? spam defines the problem on the senders side, and your right, you cannot define spam because of different personal and legal definitions, you can only use it as a more general term, most people simply know what it is. (you can try and defined "live". I will be happy, if you could, most people cannot and also have different definitions, but most people also have the same ideas, when they talk about "live". You can also try and define "red" ...) second, we are talking about abuse here abuse is clearly definable, it happens on the receivers side, its either abusing somebody personally and could have various reasons or legal background, defined by different countries law, organisation rules, whatever ... third, the same email could be abusive in one country or when received by one person or organization or whatever entity and could be ok with others fourth, there is NO clear definition of abuse at the receivers side because of those different "feelings" or laws, but this one: ITS ABUSING HIM Therefore the definition of spam is pretty easy: a spam email is an unwanted email that abusing the receiver Its disturbing him, tricking him, forcing him to do illegal things, forcing him to buy things, he does not want, using his resources in a way, he did not intent, using his time, forcing him to learn and use techniques to get rid of it or whatever. He feels abused. And thats it. And this group simply tries to make it easy to prevent abuse, if the abused one wants it ...
I am aware of this but it simply uses another unidentified term "spam." Using one undefined term to define another undefined term is not a standard. As an official spokesperson for a major security company you should know that. This is why most of these abuse groups look like they are run out of someone's Mother's basement. I think some people posting large signatures for a 3-word reply is spam so should they be blacklisted because I have that opinion? Should they be labeled an
Well, I personally feel abused by people joining a discussion without telling their name, dont reveal their background and kind of hide. I feel uncomfortable with it, because I do not get enough context to argue. Furthermore I think, its rude ... I also feel abused by discussing the same things all over again ... And so: I do not want most of your comments and mails, they are unwanted and unsolicited to me personally, they are using my time and energy to read and answer, they are making me angry, because they are rude and thats stopping me from arguing without fellings and only using facts, and thats making me even more angry, and according to my definition: I would call them spam ... And you can come with whatever argument, it will not count, cause you already abused me and you cannot take that back.
"abuser" or "spammer" or some other undefined term?
Kind regards, Frank -- PHADE Software - PowerWeb http://www.powerweb.de Inh. Dipl.-Inform. Frank Gadegast mailto:frank@powerweb.de Schinkelstrasse 17 fon: +49 33200 52920 14558 Nuthetal OT Rehbruecke, Germany fax: +49 33200 52921 ====================================================================== -- Mit freundlichen Gruessen, -- PHADE Software - PowerWeb http://www.powerweb.de Inh. Dipl.-Inform. Frank Gadegast mailto:frank@powerweb.de Schinkelstrasse 17 fon: +49 33200 52920 14558 Nuthetal OT Rehbruecke, Germany fax: +49 33200 52921 ======================================================================
Folks, I'm picking this email as the end of the thread (right now). We've gone far from our original starting point on this conversation. As Joe pointed out yesterday evening, this is not an easy conversation. There are many, many factors that go into defining "spam" and even "abuse". This working group could spend the rest of its existence trying to define them and do nothing else, so let's not try and do that. Thanks, Brian, Co-Chair AA WG Frank Gadegast wrote the following on 17/08/2012 07:50:
lists@help.org wrote:
Hello Mr. Lists,
well, you kind of forgot the discussion about this topic you started a while ago ... its all in the archives.
first, this list changed its name from anti-spam-wg to anti-abuse-wg, guess why ? spam defines the problem on the senders side, and your right, you cannot define spam because of different personal and legal definitions, you can only use it as a more general term, most people simply know what it is.
(you can try and defined "live". I will be happy, if you could, most people cannot and also have different definitions, but most people also have the same ideas, when they talk about "live". You can also try and define "red" ...)
second, we are talking about abuse here abuse is clearly definable, it happens on the receivers side, its either abusing somebody personally and could have various reasons or legal background, defined by different countries law, organisation rules, whatever ...
third, the same email could be abusive in one country or when received by one person or organization or whatever entity and could be ok with others
fourth, there is NO clear definition of abuse at the receivers side because of those different "feelings" or laws, but this one: ITS ABUSING HIM
Therefore the definition of spam is pretty easy: a spam email is an unwanted email that abusing the receiver
Its disturbing him, tricking him, forcing him to do illegal things, forcing him to buy things, he does not want, using his resources in a way, he did not intent, using his time, forcing him to learn and use techniques to get rid of it or whatever. He feels abused.
And thats it.
And this group simply tries to make it easy to prevent abuse, if the abused one wants it ...
I am aware of this but it simply uses another unidentified term "spam." Using one undefined term to define another undefined term is not a standard. As an official spokesperson for a major security company you should know that. This is why most of these abuse groups look like they are run out of someone's Mother's basement. I think some people posting large signatures for a 3-word reply is spam so should they be blacklisted because I have that opinion? Should they be labeled an
Well, I personally feel abused by people joining a discussion without telling their name, dont reveal their background and kind of hide. I feel uncomfortable with it, because I do not get enough context to argue. Furthermore I think, its rude ...
I also feel abused by discussing the same things all over again ...
And so: I do not want most of your comments and mails, they are unwanted and unsolicited to me personally, they are using my time and energy to read and answer, they are making me angry, because they are rude and thats stopping me from arguing without fellings and only using facts, and thats making me even more angry, and according to my definition: I would call them spam ...
And you can come with whatever argument, it will not count, cause you already abused me and you cannot take that back.
"abuser" or "spammer" or some other undefined term?
Kind regards, Frank -- PHADE Software - PowerWeb http://www.powerweb.de Inh. Dipl.-Inform. Frank Gadegast mailto:frank@powerweb.de Schinkelstrasse 17 fon: +49 33200 52920 14558 Nuthetal OT Rehbruecke, Germany fax: +49 33200 52921 ======================================================================
This working group could spend the rest of its existence trying to define them and do nothing else, so let's not try and do that.
Then the list should be shut down as worthless if you cannot even define what you are doing.
How old are you? --adam
-----Original Message----- From: anti-abuse-wg-bounces@ripe.net [mailto:anti-abuse-wg- bounces@ripe.net] On Behalf Of lists@help.org Sent: Friday, August 17, 2012 12:01 PM To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] definition of abuse
This working group could spend the rest of its existence trying to define them and do nothing else, so let's not try and do that.
Then the list should be shut down as worthless if you cannot even define what you are doing.
When you bring up an issue about following standards these are the kind of screwball messages you get from the so-called abuse community. You have the people running the list trying to end a valid discussion. That is because they if they have standards these people cannot run around making stuff up as they go along to fit their personal agenda. Of course the one fellow has a home page where he wraps himself in a curtain and calls himself "emperor Shane" http://www.time-travellers.org/. I think that about sums up the abuse "community" running this list. On 8/17/2012 12:10 PM, Adam_Wosotowsky@McAfee.com wrote:
How old are you?
--adam
You need a definition that can withstand a court challenge. Why? -- Shane let's not try and do that. Thanks, Brian, Co-Chair AA WG
On Aug 17, 2012, at 1:31 PM, lists@help.org wrote:
When you bring up an issue about following standards these are the kind of screwball messages you get from the so-called abuse community. You have the people running the list trying to end a valid discussion. That is because they if they have standards these people cannot run around making stuff up as they go along to fit their personal agenda. Of course the one fellow has a home page where he wraps himself in a curtain and calls himself "emperor Shane" http://www.time-travellers.org/. I think that about sums up the abuse "community" running this list.
I think you are the one trying to end a valid discussion. Shane's question is perfectly valid: Why does a working, widely accepted, "de facto" standard definition needs to stand out in court? -lem
I think you are the one trying to end a valid discussion. Shane's question is perfectly valid: Why does a working, widely accepted, "de facto" standard definition needs to stand out in court? -lem
As I pointed out it is often not actually used in practice. It works to a certain extent. it needs to stand up in court because there has been and most likely will be lawsuits when reputations and blacklists are published. If there are valid standards and procedures then there is a much less likelihood of getting sued. Often what you have now is people making stuff up as they go along and these are the ones who don't want standards. A few years back I tried to answer someone's e-mail and my reply was blocked. The abuse person told me my IP address block had issues and I was supposed to go back to my ISP and tell them to stop it. I asked what the issue was and they said they were not going to tell me ... but I was going to continue to be blocked until I somehow made this ISP stop some unknown activity that I knew nothing about. (The person contributes to this list but they always claim they don't remember it). Entities who do stuff like this are going to get sued sooner or later and without standards they will have problems.
On Friday 17 August 2012 08.50, Frank Gadegast wrote:
lists@help.org wrote:
Hello Mr. Lists,
well, you kind of forgot the discussion about this topic you started a while ago ... its all in the archives.
first, this list changed its name from anti-spam-wg to anti-abuse-wg, guess why ? spam defines the problem on the senders side, and your right, you cannot define spam because of different personal and legal definitions, you can only use it as a more general term, most people simply know what it is.
A disagree. spam is a well defined thing. It's unsolcitated commercial email. What is lacking in many countries is a legal definition and sanctions for sending spam. We ought to be able to fight spam ( as an international problem) even if some countries does not have specific laws against it.
(you can try and defined "live". I will be happy, if you could, most people cannot and also have different definitions, but most people also have the same ideas, when they talk about "live". You can also try and define "red" ...)
second, we are talking about abuse here abuse is clearly definable, it happens on the receivers side, its either abusing somebody personally and could have various reasons or legal background, defined by different countries law, organisation rules, whatever ...
third, the same email could be abusive in one country or when received by one person or organization or whatever entity and could be ok with others
You must diffrentiate between acts illegal in some country and spam. It's 2 completeley different things. Note that even person-to-person messages containg for instance childporn is illegal in many countries, but it is not spam.
fourth, there is NO clear definition of abuse at the receivers side because of those different "feelings" or laws, but this one: ITS ABUSING HIM
Therefore the definition of spam is pretty easy: a spam email is an unwanted email that abusing the receiver
Its disturbing him, tricking him, forcing him to do illegal things, forcing him to buy things, he does not want, using his resources in a way, he did not intent, using his time, forcing him to learn and use techniques to get rid of it or whatever. He feels abused. Whats really annoying is that spam is delivered with stolen resources ( abusing
Now you have invented a "kitchen-variant" of definition os spam which most people disagrees with. Spam has nothing to do with any receiver beeing abused, it's only unsolicited commercial email(s). peoples computers and tricking them in delivering their spews). So with spam there is two victims. the person who's resources is unknowingly abused to send spam , and the recipient that has to pay for receiving spam.
And thats it.
And this group simply tries to make it easy to prevent abuse, if the abused one wants it ...
I am aware of this but it simply uses another unidentified term "spam." Using one undefined term to define another undefined term is not a standard. As an official spokesperson for a major security company you should know that. This is why most of these abuse groups look like they are run out of someone's Mother's basement. I think some people posting large signatures for a 3-word reply is spam so should they be blacklisted because I have that opinion? Should they be labeled an
Well, I personally feel abused by people joining a discussion without telling their name, dont reveal their background and kind of hide. I feel uncomfortable with it, because I do not get enough context to argue. Furthermore I think, its rude ...
Good day sir, my name is peter håkanson, which clearly was in my .sig.
I also feel abused by discussing the same things all over again ...
If nothing happens then the same issues will come up again and again ..
And so: I do not want most of your comments and mails, they are unwanted and unsolicited to me personally, they are using my time and energy to read and answer, they are making me angry, because they are rude and thats stopping me from arguing without fellings only using facts, and thats making me even more angry, and according to my definition: I would call them spam ...
Then please unsubscribe. Remember that thisis a opt-in list.
btw
And you can come with whatever argument, it will not count, cause you already abused me and you cannot take that back.
"abuser" or "spammer" or some other undefined term?
Kind regards, Frank -- PHADE Software - PowerWeb http://www.powerweb.de Inh. Dipl.-Inform. Frank Gadegast mailto:frank@powerweb.de Schinkelstrasse 17 fon: +49 33200 52920 14558 Nuthetal OT Rehbruecke, Germany fax: +49 33200 52921 ======================================================================
-- Peter Håkanson There's never money to do it right, but always money to do it again ... and again ... and again ... and again. ( Det är billigare att göra rätt. Det är dyrt att laga fel. )
peter h wrote: Hello Peter,
you cannot define spam because of different personal and legal definitions, you can only use it as a more general term, most people simply know what it is.
A disagree.
spam is a well defined thing. It's unsolcitated commercial email.
Sure, but its not a worldwide and lawfull definition. Its only commonly used like this ...
What is lacking in many countries is a legal definition and sanctions for sending spam.
And thats the point (we already know). So: you cannot judge anything as spam, simply because definition and laws differ.
We ought to be able to fight spam ( as an international problem) even if some countries does not have specific laws against it.
Thats surely true.
(you can try and defined "live". I will be happy, if you could, most people cannot and also have different definitions, but most people also have the same ideas, when they talk about "live". You can also try and define "red" ...)
second, we are talking about abuse here abuse is clearly definable, it happens on the receivers side, its either abusing somebody personally and could have various reasons or legal background, defined by different countries law, organisation rules, whatever ...
third, the same email could be abusive in one country or when received by one person or organization or whatever entity and could be ok with others You must diffrentiate between acts illegal in some country and spam. It's 2 completeley different things.
Just what I sayd.
Note that even person-to-person messages containg for instance childporn is illegal in many countries, but it is not spam.
That why we are not focusing on spam, we are focusing on abuse, what makes things much easier.
fourth, there is NO clear definition of abuse at the receivers side because of those different "feelings" or laws, but this one: ITS ABUSING HIM
Therefore the definition of spam is pretty easy: a spam email is an unwanted email that abusing the receiver
Now you have invented a "kitchen-variant" of definition os spam which most people disagrees with. Spam has nothing to do with any receiver beeing abused, it's only unsolicited commercial email(s).
But it would be a much better definition ;o)
Whats really annoying is that spam is delivered with stolen resources ( abusing peoples computers and tricking them in delivering their spews). So with spam there is two victims. the person who's resources is unknowingly abused to send spam , and the recipient that has to pay for receiving spam.
You are downgrade this on abuse again, and forget the word "spam" completely. If there are laws in the country of the abused resources, you can fight it and if if there are laws in the receivers country you can do the same.
Good day sir, my name is peter håkanson, which clearly was in my .sig.
Thnx for that.
Then please unsubscribe. Remember that thisis a opt-in list.
Hm, difficult. I like the tone of arround 99,9% of the mails coming through and Im pretty sure, that there is something like a netiquette for this list (we all maybe agreed to when signing in). I would prever, that most people do not hide instead of missing all the valuable other mails. Kind regards, Frnak -- MOTD: "have you enabled SSL on a website or mailbox today ?" -- PHADE Software - PowerWeb http://www.powerweb.de Inh. Dipl.-Inform. Frank Gadegast mailto:frank@powerweb.de Schinkelstrasse 17 fon: +49 33200 52920 14558 Nuthetal OT Rehbruecke, Germany fax: +49 33200 52921 ======================================================================
On Thursday 16 August 2012 19.06, lists@help.org wrote:
if its still the same abuser
This is why many of the blacklists are all screwed up.
Please clarify. in what way ?
There is no standards and people are are put into 2 classes, abusers, and non-abusers. If you ask 100 people to define abuser you get 100 different answers. If you ask a blacklist operator to define the term they will either ignore you or scoff at you. Then they will give a childish argument that networks are private property and they can block what they want that disregards the actual issues that operators normally have contracts with their users and labeling people as "abusers" with no real definition can lead to legal liabilities.
If you think that there is an obligation to receive whatever comes into a mailbox you are utterly wrong. My mailserver is my property and i block whatever i want for whatever obscure reason.
Of course any.one who brings up these issues is labeled a spammer which is why these issues never get corrected and why most blacklists are not legitimately operated.
A blacklist operator should have standards for putting people on the list, as well as an appeal and review process. I assume that any blacklist operator has a "standard", usually it's a listing done by some offending soam.
The good thing with blacklists is that ISP's might interact with the blacklist operator and remove ranges that no longer spam. If admin instead listed in their "access-files" then chances are that those listning will never be removed, and there is no visible authority to discuss them with. Thanks for spamcop et.al, they are the only thing that kees email still alive.
-- Peter Håkanson There's never money to do it right, but always money to do it again ... and again ... and again ... and again. ( Det är billigare att göra rätt. Det är dyrt att laga fel. )
Blacklists exists for a reason, the reason is that spam has been neglected for so long and so little has benn done by those that _should_ take action. This very group is a good example, once created to fight spam, but when very little got effected the list was renamed to anti-abuse. Today it deals mostly with whois-enhancements.
Spam is one of many problems facing Internet users and I have never heard that spam is "neglected." You just have spam as a pet peeve so you disregard all the other problems and think everyone else should too. Spam is a problem but so are people running around haphazardly blocking Internet traffic. You brought up another interesting point. This group is called anti-abuse but there is no real definition of "abuse" and even if there were this list doesn't really do anything to stop it. Maybe the name should be changed to whois standards or something like that.
participants (11)
-
"Michele Neylon :: Blacknight" -
Adam_Wosotowsky@McAfee.com -
Brian Nisbet -
Frank Gadegast -
Heather Schiller -
lists@help.org -
Luis Muñoz -
peter h -
Shane Kerr -
Thor Kottelin -
Tobias Knecht