|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Attn MCI/UUNet - Massive abuse from your network
On Mon, 21 Jun 2004, Ben Browning wrote: > At 12:28 PM 6/21/2004, Christopher L. Morrow wrote: > >the ethics office doesn't need to see your complaints, they don't really > >deal with these anyway. > > I am quite sure that the ethics department does not deal with spam > complaints. My complaint is that your stated policy is clearly not being > followed. MCI is currently the Number 1 spam source on many lists- > certainly, your overall size skews that figure somewhat, but the listings I > see (on the SBL anyway, I do not have the many hours needed to read all the > documentation SPEWS has to offer) have reports that are at least 6 months > old and are still alive... The sbl lists quite a few /32 entries, while this is nice for blocking spam if you choose to use their RBL service I'm not sure it's a good measure of 'spamhaus size'. I'm not sure I know of a way to take this measurement, but given size and number if IPs that terminate inside AS701 there certainly are scope issues. All that said, I'm certainly not saying "spam is good", I also believe that over the last 4.5 years uunet's abuse group has done quite a few good things with respect to the main spammers. > > As an example, I see a posting that says emailtools.com was alive on > 206.67.63.41 in 2000. They aren't there any more... But now: > > [[email protected]]$ telnet mail.emailtools.com 25 > Trying 65.210.168.34... > Connected to mail.emailtools.com. > Escape character is '^]'. Sure, customer of a customer we got emailtools.com kicked from their original 'home' now they've moved off (probably several times since 2000) to another customer. This happens to every ISP, each time they appear we start the process to disconnect them. I'm checking on the current status of their current home to see why we have either: 1) not gotten complaints about them, 2) have not made progress kicking them again. > >On Mon, 21 Jun 2004, Ben Browning wrote: > > > > > At 11:42 AM 6/21/2004, Christopher L. Morrow wrote: > > > >curious, why did you not send this to the [email protected] alias? > > > > > > I wanted it to get read. > > > >messages to [email protected] do infact get read... > > Allow me to rephrase- I wanted it to be read and hoped someone would act on > complaints. I have no doubt MCI is serious about stopping DDOS and other > abusive traffic of that ilk- when it comes to proxy hijacking and spamming, > though, [email protected] turns a blind eye. What other conclusion can I draw from the This is not true, the action might not happen in the time you'd like, but there are actions being taken. I'd be the first to admit that the timelinees are lengthy :( but part of that is the large company process, getting all the proper people to realize that this abuse is bad and the offendors need to be dealt with. > 200ish SBL entries under MCI's name? Why else would emailtools.com(for > example) still be around despite their wholesale raping of misconfigured > proxies? emailtools will be around in one form or another, all the owner must do is purchase 9$ virtual-hosting from some other poor ISP out there who needs the money... they may not even know who emailtools is, if that ISP is a uunet/mci customer then we'll have to deal with them as well, just like their current home. you must realize you can't just snap your fingers and make these things go away. > > All I want is a couple of straight-up answers. Why do complaints to uunet > go unanswered and the abusers remain connected if, in fact, the complaints I believe you do get an answer, if not the auto-acks are off still from a previous mail flood ;( Please let me know if you are NOT getting ticket numbers back. They might be connected still if there were: 1) not enough info in the complaints to take action on them 2) not enough complaints to terminate the account, but working with the downstream to get the problem resolved 3) action is awaiting proper approvals. There might be a few more steps things could be in, but in general all complaints that have proper/actionable info are dealt with. > are read? Why has MCI gone from 111 SBL listings as of January 1 to 190 as I think the answer is shifting winds in spammer homelands, I'll look through the list and see if we know about the problem children in the list and what we are doing about them. > > If I am a kook and an idiot for wanting a cleaner internet, well then I > guess I am a kook and an idiot. not for that, just for taking this up in the wrong place... but people call me kooky too, so maybe I'm just skewed.
|