So many idiots. So little time.
[ part 1 - text/plain - Notification 574B ] This is the mail system at host segfault.tristatelogic.com. I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below. For further assistance, please send mail to postmaster. If you do so, please include this problem report. You can delete your own text from the attached returned message. The mail system <abuse@serverius.net>: host mail.serverius.net[91.221.69.174] said: 554 5.7.1 This message has been blocked because ASE reports it as spam. (in reply to end of DATA command) [ part 2 - message/delivery-status - Delivery report 435B (suppressed) ] [ part 3 - message/rfc822 - Undelivered Message 23.2KB ] Number is required after -h Return-Path: <rfg@tristatelogic.com> Received: by segfault.tristatelogic.com (Postfix, from userid 1237) id 754EF4E7D0; Fri, 12 Aug 2022 14:59:24 -0700 (PDT) From: "Ronald F. Guilmette" <rfg@tristatelogic.com> To: abuse@serverius.net Cc: spamreports@tristatelogic.com Subject: Spam from your network (AS50673): [194.104.236.160] Date: 12 Aug 2022 14:59:24 -0700 X-Rfg-Spam-Report: (AS50673): [194.104.236.160] Message-Id: <20220812215924.754EF4E7D0@segfault.tristatelogic.com> ...
Idiots is the wrong choice of word here. Hanlon's Razor does not apply to Serverius. Cheers, Hans-Martin
In message <f6e54836-fcc1-ccda-db41-1cfca01c5ae2@heeg.de>, Hans-Martin Mosner <hmm@heeg.de> wrote:
Idiots is the wrong choice of word here. Hanlon's Razor does not apply to Serverius.
Thank you for this information. I shall be adjusting my local blacklists accordingly. ORG-SHB2-RIPE: 5.178.64.0/21 5.188.12.0/22 5.255.64.0/19 46.249.32.0/19 89.47.1.0/24 91.221.69.0/24 93.158.200.0/21 93.158.208.0/20 160.20.152.0/22 178.21.16.0/21 185.1.222.0/23 185.8.176.0/22 185.12.12.0/22 185.53.160.0/22 185.79.112.0/22 194.107.76.0/22
I would say perfect for that anti abuse training! Because if u can't solve the below and some other important issues that excist (for at least one or more decades) with the current system that whole training is useless. Even when it's made with good intentions and all, in my opinion it's useless and will not solve the real problem. Just like all the big problems in this world why not try to create patches that create even more problems instead of solving the real issue.... I couldn't resist to react on this one (sorry) -----Original Message----- From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> On Behalf Of Ronald F. Guilmette Sent: zaterdag 13 augustus 2022 01:01 To: anti-abuse-wg@ripe.net Subject: [anti-abuse-wg] So many idiots. So little time. [ part 1 - text/plain - Notification 574B ] This is the mail system at host segfault.tristatelogic.com. I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below. For further assistance, please send mail to postmaster. If you do so, please include this problem report. You can delete your own text from the attached returned message. The mail system <abuse@serverius.net>: host mail.serverius.net[91.221.69.174] said: 554 5.7.1 This message has been blocked because ASE reports it as spam. (in reply to end of DATA command) [ part 2 - message/delivery-status - Delivery report 435B (suppressed) ] [ part 3 - message/rfc822 - Undelivered Message 23.2KB ] Number is required after -h Return-Path: <rfg@tristatelogic.com> Received: by segfault.tristatelogic.com (Postfix, from userid 1237) id 754EF4E7D0; Fri, 12 Aug 2022 14:59:24 -0700 (PDT) From: "Ronald F. Guilmette" <rfg@tristatelogic.com> To: abuse@serverius.net Cc: spamreports@tristatelogic.com Subject: Spam from your network (AS50673): [194.104.236.160] Date: 12 Aug 2022 14:59:24 -0700 X-Rfg-Spam-Report: (AS50673): [194.104.236.160] Message-Id: <20220812215924.754EF4E7D0@segfault.tristatelogic.com> ... -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg
Am 13.08.22 um 14:13 schrieb jeroen@hackersbescherming.nl:
I would say perfect for that anti abuse training!
Training is useful if you want to learn and achieve the training subject matter. Serverius (like many other hosting/colocation providers) is in the business of deflecting trouble from their customers. In an old antispam forum post I found this quote without exact source, which could be used verbatim by most of them:
Serverius IT infrastructure is providing underlying infrastructure services without any hosting activities. Serverius is not a hosting provider as it has no data carrier hardware like servers or disk storage services under management (only our clients do). Serverius is only providing the parent data center colocation of client hardware and/or IP connectivity services that are used by clients to build their own infrastructure. Their services are used by millions of companies in the world. Therefore Serverius does not know what Serverius network users are hosting (it's technically impossible for us to see and forbidden by law) and Serverius is therefore not liable for what our customer hosts behind its own network and/or on his own infrastructure. Legally, they may be right (of course they are not allowed to peek into their customer's servers). However, there's something more to it - you could have contract and AUP clauses which prohibit spamming/abuse and give the provider leverage to enforce that prohibition. But some providers apparently prefer to keep such clauses out of their contracts and don't want to waste money on abuse desk training because a well-paying customer is a well-paying customer after all. "Pecunia non olet", as Vespasian is reported to have said.
Those are not the target group for anti abuse training. They would probably need it, but first they would need the will to stop network abuse emanating from their infrastructure. Cheers, Hans-Martin
In message <b01016f4-fb84-3322-62da-65568aa6a0f7@heeg.de>, you wrote:
Am 13.08.22 um 14:13 schrieb jeroen@hackersbescherming.nl:
I would say perfect for that anti abuse training!
Training is useful if you want to learn and achieve the training subject matter. Serverius (like many other hosting/colocation providers) is in the business of deflecting trouble from their customers. In an old antispam forum post I found this quote without exact source, which could be used verbatim by most of them:
Serverius IT infrastructure is providing underlying infrastructure services without any hosting activities. Serverius is not a hosting provider as it has no data carrier hardware like servers or disk storage services under management (only our clients do). Serverius is only providing the parent data center colocation of client hardware and/or IP connectivity services that are used by clients to build their own infrastructure. Their services are used by millions of companies in the world. Therefore Serverius does not know what Serverius network users are hosting (it's technically impossible for us to see and forbidden by law) and Serverius is therefore not liable for what our customer hosts behind its own network and/or on his own infrastructure. Legally, they may be right (of course they are not allowed to peek into their customer's servers). However, there's something more to it - you could have contract and AUP clauses which prohibit spamming/abuse and give the provider leverage to enforce that prohibition. But some providers apparently prefer to keep such clauses out of their contracts and don't want to waste money on abuse desk training because a well-paying customer is a well-paying customer after all. "Pecunia non olet", as Vespasian is reported to have said.
Digital Ocean apparently has the exact same sort of "Not our problem man!" attitude. I've reported spams to them, and they say "OK, thanks. We have forwarded this to our customer." (Nice of them to do this so that their customer can then DDoS me.) Regards, rfg
My bad! I assumed that when u create or follow a training course that u want to learn or teach a way that ALWAYS works. With my assumption of the below. To solve the abuse problem u either need a system that can hold the abuser responsible or and that would be even better u need a system where nobody would grow an interest to even try to abuse and when u start thinking into this direction all the other "BIG" problems in the world will become easy to solve. (Yes u read this right they are easy to solve, we currently just use the wrong systems (all over the world) to guide and lead us) When u would have a good system then a large portion or maybe even all of the current training material would be irrelevant since it is based on the current system that doesn't provide a solution for the problem. What u are saying is that when I create a training that teaches 1+1=11 and someone out there wants to learn this that this would be a usefull training .... (maybe for someone to do on his own but not for a global/regional solution). It doesn't matter to which group u belong to, in the end we all belong to the same group called Humans.... We need a fair worldwide system where power is removed from all individuals!!!! (Since power allways creates a form of abuse) Kind regards, Jeroen -----Original Message----- From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> On Behalf Of Hans-Martin Mosner via anti-abuse-wg Sent: zaterdag 13 augustus 2022 16:47 To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] So many idiots. So little time. Am 13.08.22 um 14:13 schrieb jeroen@hackersbescherming.nl:
I would say perfect for that anti abuse training!
Serverius IT infrastructure is providing underlying infrastructure services without any hosting activities. Serverius is not a hosting provider as it has no data carrier hardware like servers or disk storage services under management (only our clients do). Serverius is only providing the parent data center colocation of client hardware and/or IP connectivity services that are used by clients to build their own infrastructure. Their services are used by millions of companies in the world. Therefore Serverius does not know what Serverius network users are hosting (it's technically impossible for us to see and forbidden by law) and Serverius is therefore not liable for what our customer hosts behind its own network and/or on his own infrastructure. Legally, they may be right (of course they are not allowed to peek into
Training is useful if you want to learn and achieve the training subject matter. Serverius (like many other hosting/colocation providers) is in the business of deflecting trouble from their customers. In an old antispam forum post I found this quote without exact source, which could be used verbatim by most of them: their customer's servers). However, there's something more to it - you could have contract and AUP clauses which prohibit spamming/abuse and give the provider leverage to enforce that prohibition. But some providers apparently prefer to keep such clauses out of their contracts and don't want to waste money on abuse desk training because a well-paying customer is a well-paying customer after all. "Pecunia non olet", as Vespasian is reported to have said. Those are not the target group for anti abuse training. They would probably need it, but first they would need the will to stop network abuse emanating from their infrastructure. Cheers, Hans-Martin -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/anti-abuse-wg
Jeroen, ist's hard to distinguish between straight statements and serious questions on one hand and sarcasm, rhetorical questions and strawman arguments on the other hand in written communication, especially when there sometimes seems to be a "mode switch". I'm trying to respond seriously and to be explicit about how I understood your statements. Am 14.08.22 um 10:26 schrieb jeroen@hackersbescherming.nl:
My bad! I assumed that when u create or follow a training course that u want to learn or teach a way that ALWAYS works.
I'm unsure whether you meant that seriously or sarcastically. Of course the assumption is wrong. Training is a way of improving your ability to do something, not of learning something that always works. A football team will train to learn to play better and win more games, not to learn a away that will let them win ALWAYS. Similarly, an abuse desk team will train to learn ways of detecting abuse earlier, to distinguish between true and false abuse accusations, to use tools and automation to focus their human attention on the tricky problems instead of doing rote work, etc. None of that will guarantee that there will be no abuse from their network, but it will likely reduce the amount by catching it quicker and making it unattractive for spammers. Of course, that's the theory, but my experience from the other side of the fence is that quick and swift action is the primary thing that reduces the amount of spam, and it should work equally well and on a larger volume on the provider side.
With my assumption of the below. To solve the abuse problem u either need a system that can hold the abuser responsible or and that would be even better u need a system where nobody would grow an interest to even try to abuse
and when u start thinking into this direction all the other "BIG" problems in the world will become easy to solve. (Yes u read this right they are easy to solve, we currently just use the wrong systems (all over the world) to guide and lead us) Is this a strawman argument of the form "we should not try to solve problem X because we can't solve problem Y and
Did you forget a period here? As such, this sentence sort of makes sense, although I would not strive to "solve" the abuse problem but to reduce the volume and impact on recipients. Holding abusers responsible may be one way (although it would be necessary to define what that means). A system where nobody would grow an interest to even try abuse is impossible, we know from the non-effectiveness of capital punishment against murder etc. that there is no effective deterrant that keeps people from wanting to do and actually doing horrible things. The only "effective" way would be to lock up everybody as a safety measure. That's like blocking access to port 25, surely it keeps out the spam, but would have some undesirable side effects. So, this is not what I want. that's even bigger"? That's faulty logic, I assume written tongue-in-cheek.
When u would have a good system then a large portion or maybe even all of the current training material would be irrelevant since it is based on the current system that doesn't provide a solution for the problem.
That's an assumption about the training material (which I haven't seen and know nothing about) and the current system that I don't share. It seems to imply that there is no way of reducing the amount of spam in the current system, which is IMO not true. I do think that the current system is lacking in some areas but is overall usable, and that it is possible to reduce abuse within the framework of the current system. Usable training material would teach what can be done at one point (one provider) to achive this without requiring undue cooperation from other players or changing the system. That is, actually doable changes to one's operation to reduce the amount of abuse.
What u are saying is that when I create a training that teaches 1+1=11 and someone out there wants to learn this that this would be a usefull training .... (maybe for someone to do on his own but not for a global/regional solution).
Looks like a strawman argument again. I'm not proposing that training should teach nonsense and that someone out there could want to learn nonsense, so this would be useful training. What I was saying is that a training course (which I presumed teaches something actually useful in reducing the spam load) can only be useful for organizations that want to get closer to that goal. If an organization does not share that goal (or has different main goals), they most likely would not want or need the training.
It doesn't matter to which group u belong to, in the end we all belong to the same group called Humans.... We need a fair worldwide system where power is removed from all individuals!!!! (Since power allways creates a form of abuse)
Looks like a hyperbole/strawman argument again: "If we can't solve the worldwide power abuse issues, we should not even try to fight local abuse". Faulty logic.
Kind regards,
Jeroen Cheers, Hans-Martin
participants (3)
-
Hans-Martin Mosner -
jeroen@hackersbescherming.nl -
Ronald F. Guilmette