North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: ARIN whois

  • From: Bill Larson
  • Date: Sun Nov 28 00:30:37 1999

I am sorry but this thread would be best suited to
news.admin.net-abuse.email.
I hate that my first posting to this list is of this subject matter but your
Spam on antispam is driving me insane here.


----- Original Message -----
From: Dean Anderson <[email protected]>
To: Gene Black <[email protected]>; <[email protected]>
Cc: 'Robert Gash' <[email protected]>; <[email protected]>
Sent: Saturday, November 27, 1999 4:05 PM
Subject: Re: ARIN whois


>
> Option 3. Invoice them for services. Send a demand letter for services
rendered, and tell them to refrain from further relaying until payment terms
are arranged. Send the letter certified return receipt to the corporate
agent.  If the services rendered exceed $5000, report the act to the FBI.
To make an effective criminal complaint that can be prosecuted, you need to
make efforts to collect the money.  After the demand letter, engage a lawyer
to sue them, or a collection agency to collect the money.
>
> Before ORBS and the antispammers started inciting attacks this summer,
spammers did not find our service. Anyone that runs an active probe service
on a leased line would be discovered, and shutdown. You aren't going to
probe much of the internet on a dialin line.  We know how to stop people on
static IP addresses.
>
> Criminal relaying depends on a service like ORBS to collect and
disseminate information on where to find a relay.
>
> This is why we ask all operators to block traffic to ORBS, which has
recently changed addresses to 202.36.147.16.  We had blocked 202.36.148/24.
I just noticed they changed IP addresses to avoid filters. These are our new
filters:
>
> access-list 104 deny ip 202.36.148.5 0.0.0.255 any
> access-list 104 deny ip 202.36.147.16 0.0.0.255 any
>
> Slippery.  But these two /24's appears to be all that is swipped to them.
>
> I want to offer my heartfelt thanks to all operators who have blocked them
so far. This holiday weekend has certainly been better.
>
> --Dean
>
> Around 10:42 AM 11/27/1999 -0600, rumor has it that Gene Black said:
> >That's why you engineer around the problem to insure that your
> >legitimate business can continue when you shut down your relays. If you
> >leave them open long enough, the spammers will eventually find you, and
> >when they do, you're only going to have two options left:
> >
> >1. Close the relays
> >
> >or
> >
> >2. Quit offering any type of SMTP services.
> >
> >This is what prompted us to close our relays a few years back. The sheer
> >amount of spam coming through was so massive as to effectively shut down
> >our mail servers and eat a very significant portion of our bandwidth.
> >Users won't tolerate outages like that - and shouldn't have to. The
> >majority of it was coming in from remote places overseas as well - not
> >the sort of thing that you can easily pursue legally if you can pursue
> >it at all.
> >
> >Just my two cents...
> >
> >
> >"Roeland M.J. Meyer" wrote:
> >>
> >> You have just explained why you are a SysAdmin and not a business
operator.
> >> The issue is not that closing them is difficult. The issue is that it
will
> >> ALSO close down a legitimate business.
> >>
> >> > -----Original Message-----
> >> > From: [email protected] [mailto:[email protected]]On Behalf
Of
> >> > Robert Gash
> >> > Sent: Monday, November 22, 1999 12:45 PM
> >> > To: Dean Anderson
> >> > Cc: [email protected]
> >> > Subject: Re: ARIN whois
> >> >
> >> >
> >> >
> >> > Dean, perhaps I am not fully understanding your logic behind
> >> > not closing
> >> > your relays.  I have been a systems administrator for 4 years
> >> > and I have
> >> > not ever found an application where I needed to leave my SMTP
> >> > relays open
> >> > to the world.  I do not doubt that you have legitimate
> >> > business purposes
> >> > in mind when opening your relay, but at some point you must
> >> > decide that
> >> > legal action will be too slow to fix anything and that it
> >> > might be a good
> >> > time to close your relays to aleviate other problems.  Simply
> >> > saying "I
> >> > shouldn't need locks on my doors because everyone should be
> >> > honest and never come into my house without my permission,"
> >> > dosen't cut it
> >> > in this world, and I am quite sure that you have
> >> > locks on every portal to your house, so why should your SMTP
> >> > server be any
> >> > different?  Taking such a stance and refusing to close your
> >> > relays is simply a foolish decision.
> >
> >
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>            Plain Aviation, Inc                  [email protected]
>            LAN/WAN/UNIX/NT/TCPIP          http://www.av8.com
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++