Re: [anti-abuse-wg] anti-abuse-wg Digest, Vol 46, Issue 4
Sorry, the last message that I sent it was not ready. About the message from Ronald F. Guilmette - rfg@tristatelogic.com. Sirs, I'm a layman in this matter and I don't properly dominate the English language. But keeping the focus in the domain registrant it is like insisting blindly on a dead-end road. An example: I reported and still denounce a client of Enzu Inc - registrant Emerson Morais. Despite numerous complaints with evidence, this company - Enzu (ISP) - has refused to suspend his client. Worse! With angry of these complaints and insults that I started to do when it became clear that they did not care, their own abuse team has flooded my mailbox with spam. I already received in the last seven days, so far, 79 equal spam promising to take providence with respect to a specific complaint that I did. The Enzu is an internet service provider that supports spammers and is an accomplice in the practice of crime - phishing - and I can prove what I'm saying. With providers of that kind, spammers is a lesser evil. I understand that the focus should be directed to companies that provide the means and tools for the commission of that crime. Regards, Marilson -----Mensagem Original----- From: anti-abuse-wg-request@ripe.net Sent: Saturday, August 22, 2015 7:00 AM To: anti-abuse-wg@ripe.net Subject: anti-abuse-wg Digest, Vol 46, Issue 4 Send anti-abuse-wg mailing list submissions to anti-abuse-wg@ripe.net To subscribe or unsubscribe via the World Wide Web, visit https://www.ripe.net/mailman/listinfo/anti-abuse-wg or, via email, send a message with subject or body 'help' to anti-abuse-wg-request@ripe.net You can reach the person managing the list at anti-abuse-wg-owner@ripe.net When replying, please edit your Subject line so it is more specific than "Re: Contents of anti-abuse-wg digest..." Today's Topics: 1. Re: Fw: Spam-phishing (Ronald F. Guilmette) ---------------------------------------------------------------------- Message: 1 Date: Fri, 21 Aug 2015 13:01:19 -0700 From: "Ronald F. Guilmette" <rfg@tristatelogic.com> To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] Fw: Spam-phishing Message-ID: <27273.1440187279@server1.tristatelogic.com> In message <1440125297.17376.0.camel@extraterrestrialmail.com>, wishcraft@user.sourceforge.net wrote:
You know we are making a place for all those kind of bans -- http://xortify.com
For the benefit of everyone on this list, perhaps you could describe, briefly, this project. Frankly, it is a little difficult to understand what this project is really all about from the home page that you posted a link for. After scrolling down past quite a lot of material on that page... material which provides no useful information to a prospective new user... I finally found a block of text under the heading of "A bit about Xortify!" But even this text raises more questions than it answers. I get the impression that this project is one whose primary aim is to develop, maintain, and publish... based upon inputs from a distributed base of many users in various places... something which amounts to an IP address blacklist, and that this blacklist is primarily intended to be used to prevent certain web visitors from doing certain things (e.g. signing up for accounts) based upon their IP addresses. Is that basically all correct? If so, it would be helpful if the text on the home page of the web site for this project would say that clearly, at the very beginning. It would also be most helpful if the project home page would answer the kinds of questions that apply generally, to all sorts of IP-address based blacklists, specifically: * How exactly is it determined that a given IP address is behaving (at present) in a "bad" way which makes it worthy of being listed on the blacklist? * Are entire ranges of IP addresses ever blacklisted? If not why not? And if so, how are the proper ranges determined, and by whom? * Might the list contain some IP addresses that are dynamically allocated to end users? And if so, isn't the claimed 3-month automatic expiration time for all listings excessive for those types of IP addresses? * Due to the increasing use of NAT, especially in conjunction with the dwindling supply of IPv4 addresses, doesn't blacklisting a single IP address contain the potential of creating "false positives" and the blocking of many many innocent users? (It seems to me that this problem would be substantially more sig- nificant in the case of a blacklist aimed at HTTP transactions, whereas it is only a very minimal problem in the case of IP address blacklists aimed at SMTP transactions.) Please don't get me wrong. I admire and applaud anyone who works to try to help his fellow man to block the actions of the bad and disruptive elements on the Internet. And thus, I admire and applaud this project. But before anyone might decide to become either a user or a contributor to such a project, it would be important, I think, to have answers to the key questions I have noted above. Regards, rfg End of anti-abuse-wg Digest, Vol 46, Issue 4 ********************************************
In message <48A6D44E0E4B43369169FEE5EB478058@SuperPC>, "Marilson" <marilson.mapa@gmail.com> wrote:
... But keeping the focus in the domain registrant it is like insisting blindly on a dead-end road. ... {... bad stuff about Enzu snipped...} ... With providers of that kind, spammers is a lesser evil. I understand that the focus should be directed to companies that provide the means and tools for the commission of that crime.
I wish that I understood what any of this had to do with the xortify.com project. I do not see ANY connection, either to that project, or to my questions about it. Regarding Enzu, yes, they have been on my personal bad list for a very long time. But they are hardly alone, and certainly not unique. There are many other providers that are just as bad, or worse, when it comes to harboring spammers and other net-miscreants. (In at least one case that I researched, the guy who owned the ISP had set up another, parallel company, which was itself dedicated to snowshoe spamming... using the IP address blocks of the "legitimate" ISP operation, of course. But beyond that, there are quite certainly companies, located in China, the Netherlands, Luxembourg, and other places that are quite entirely happy to allow any and all manner of hacking and other forms of criminality on their networks.) Regarding your suggestion that anti-abuse efforts should focus on the net's many abuse-tolerant providers, rather than on individual spammers and other kinds of individual naughty fellows, I can only say that I am in 100% agreement with you on this, and that I have been saying this exact thing to anyone and everyone who would listen for many years now. (In particular, I have repeatedly urged various Spamhaus people to use their domain-based blacklist to blacklist the main domain names of various bad ISPs/NSPs... as a way of focusing the attention of these providers on the abundant problems on their respective networks. But my requests/suggestions along these lines have fallen on deaf ears.) Lastly, an important point that I believe you may not have grasped is that calling for any sort of disiplinary actions directed at ISPs and/or NSPs is not at all likely to find a receptive audience here, on this mailing list. The majority of subscribers to this list are likely to be executives or employees of exactly such companies, and even if they believe strongly that their companies are among the good ones, there is... and always has been... a deep reluctance on the part of the entire Internet connectivity industry to accept any sort of rules or regulations, even if they serve the common good, and even if they are created and promoted from within the industry itself. The connectivity industry is still the "Wild West", and nobody in it wants anybody else telling them what to do, or not do. This pervasive attitude is certainly driven by an almost religious faith in laissez-faire everything, but also, in equal measures, by pride (both personal and in some cases national), and testosterone. None of these factors is going away any time soon. Regards, rfg
Guilleme, Marilson, completely agree. Almost all the people in this list is only concern on its own business and, as several of them are working for ISP's and are in the good boys side, they are not interested on changing the rules. But my point of view a few bad guys are doing great harm to the use and distribution of IP addresses as the only remedy to defend from those few bad guys is to apply through the courts blocking the IP addresses used for illegal purposes. These blockages occur at the country level layer, hopefully soon it will be possible to the European Union level. The end result is increasingly IP blocks affected by blockages in different countries or regions, and therefore not reusable. I think the good guys have to think about it... Ángel -----Mensaje original----- De: anti-abuse-wg [mailto:anti-abuse-wg-bounces@ripe.net] En nombre de Ronald F. Guilmette Enviado el: lunes, 24 de agosto de 2015 23:29 Para: anti-abuse-wg@ripe.net Asunto: Re: [anti-abuse-wg] anti-abuse-wg Digest, Vol 46, Issue 4 In message <48A6D44E0E4B43369169FEE5EB478058@SuperPC>, "Marilson" <marilson.mapa@gmail.com> wrote:
... But keeping the focus in the domain registrant it is like insisting blindly on a dead-end road. ... {... bad stuff about Enzu snipped...} ... With providers of that kind, spammers is a lesser evil. I understand that the focus should be directed to companies that provide the means and tools for the commission of that crime.
I wish that I understood what any of this had to do with the xortify.com project. I do not see ANY connection, either to that project, or to my questions about it. Regarding Enzu, yes, they have been on my personal bad list for a very long time. But they are hardly alone, and certainly not unique. There are many other providers that are just as bad, or worse, when it comes to harboring spammers and other net-miscreants. (In at least one case that I researched, the guy who owned the ISP had set up another, parallel company, which was itself dedicated to snowshoe spamming... using the IP address blocks of the "legitimate" ISP operation, of course. But beyond that, there are quite certainly companies, located in China, the Netherlands, Luxembourg, and other places that are quite entirely happy to allow any and all manner of hacking and other forms of criminality on their networks.) Regarding your suggestion that anti-abuse efforts should focus on the net's many abuse-tolerant providers, rather than on individual spammers and other kinds of individual naughty fellows, I can only say that I am in 100% agreement with you on this, and that I have been saying this exact thing to anyone and everyone who would listen for many years now. (In particular, I have repeatedly urged various Spamhaus people to use their domain-based blacklist to blacklist the main domain names of various bad ISPs/NSPs... as a way of focusing the attention of these providers on the abundant problems on their respective networks. But my requests/suggestions along these lines have fallen on deaf ears.) Lastly, an important point that I believe you may not have grasped is that calling for any sort of disiplinary actions directed at ISPs and/or NSPs is not at all likely to find a receptive audience here, on this mailing list. The majority of subscribers to this list are likely to be executives or employees of exactly such companies, and even if they believe strongly that their companies are among the good ones, there is... and always has been... a deep reluctance on the part of the entire Internet connectivity industry to accept any sort of rules or regulations, even if they serve the common good, and even if they are created and promoted from within the industry itself. The connectivity industry is still the "Wild West", and nobody in it wants anybody else telling them what to do, or not do. This pervasive attitude is certainly driven by an almost religious faith in laissez-faire everything, but also, in equal measures, by pride (both personal and in some cases national), and testosterone. None of these factors is going away any time soon. Regards, rfg
participants (3)
-
anfernandez@lavanguardia.es -
Marilson -
Ronald F. Guilmette