Hello,

I still cannot believe a company would do such a thing. There is / was (currently down for whatever reason) a site www.antispews.org that was against this service provider.

Obviously, it was a big problem for other people to if someone devoted an entire website offering private mail servers to get around spews databases.

It looks like spews.org might be mirroed in San Fransico and in Asia. I found these IP's listed for the site:
203.15.51.44

Also, in the IP registrar:
inetnum: 203.15.32.0 - 203.15.63.255
netname: UQ1-AU
descr: Address space for commercial clients
descr: Information Technology Services
descr: University of Queensland
country: AU
admin-c: HM53-AP
tech-c: HM53-AP
mnt-by: MAINT-AU-UQ
changed: d.thomas@its.uq.edu.au 20020528
status: ALLOCATED PORTABLE
source: APNIC

role: UQ Hostmaster
address: Information Technology Services
address: The University of Queensland
country: AU
phone: +61 7 3365 4400
fax-no: +61 7 3365 7539
e-mail: hostmaster@uq.edu.au
admin-c: CT3-AP
tech-c: CT3-AP
nic-hdl: HM53-AP
mnt-by: MAINT-AU-UQ
changed: hostmaster@uq.edu.au 19991123
source: APNIC
-----------------------------------------------------------------------------
216.168.31.31
OrgName: Supernews, Inc
OrgID: SUPERN-4
Address: 350 The Embarcadero, 6th Floor
City: San Francisco
StateProv: CA
PostalCode: 94105
Country: US

NetRange: 216.168.0.0 - 216.168.31.255
CIDR: 216.168.0.0/19
NetName: ASN-NET-SUPERNEWS
NetHandle: NET-216-168-0-0-1
Parent: NET-216-0-0-0-0
NetType: Direct Assignment
NameServer: NS1.SUPERNEWS.NET
NameServer: NS2.SUPERNEWS.NET
NameServer: NS3.SUPERNEWS.NET
NameServer: NS4.SUPERNEWS.NET
Comment:
RegDate: 1998-12-22
Updated: 2002-08-20

TechHandle: ZC140-ARIN
TechName: 350 The Embarcadero
TechPhone: +1-415-541-2500
TechEmail: hostmaster@supernews.net




I think we should all start emailing that person stating some basic legal facts, such as the fact that spews.org has no valid legal contact information in the registrar or on their website. I believe this is against the Internic's registrartion agreement. Can anyone else vouch? Hopefully this violation can be reason for such displacement of hosting.

Enough e-mails I think we can get something done!

Let me know!

Antispews.org was a spammer attempting to spam/scam other spammers. The bottom feeding off of the bottom. That's not to say there aren't others who believe the way you do that spews is doing evil. I think it is the owners of the ip netblock (serverbeach) who are not shutting down the spammers listed in spews that are causing the problem. serverbeach put up its AUP, they should adhere to it. Their AUP was one of the reasons I chose their service.

these black lists are starting to sound more and more like BLACKMALE! not a public service. The policy seems to be guilty untill.... well, no you're blammed for being a spammer, then you are shut down. what no hope to clear yourself.

This is starting to worry me.
--dan

I've been keeping up with these SPEWS threads from the begining and I must say, the only one who even remotely makes any sense on the topic is awsolutions.

Saintbrie: you've posted the same thing over and over again, only rewording it slightly differently each time and I'm sure by now everyone understands what you're trying to say. You blame SB. It's a good thing the majority doesn't think like you.

awsolutions: I think you've got a good idea here and I hope others can follow suit.

a really good thread. I just wanted to open that but awsolutions was faster.

1. spews.org has no contacts in their web page
2. spews.org has no contacts in their domain records

i dont understand saintbrie. He is in love with spews :)

but too many arguments are telling us that they are a suspicious company or organization.

Is not normal that you own a public database which has an impact to the other persons, and you are anonymous.

Hello guys,

First off saintbri:

I do not condone spam! I do however don't condone my entire IP space being blocked by a third party instead of a single IP address! Understand the reason I am up for this fight - not to protect spam, but to protect my access.

QT:
Thanks for the support!

Everyone else:
Ok, I have prepared a letter. The only real thing we can complain about right now (legally I believe) would be the lack of legal information in the registrar. After all people are voluntarily using the spews DB as an e-mail filter.

Here is what I propose we do:
1.) Read the below letter and send it to the two below e-mail addresses
2.) Copy and paste the below letter into this form: https://joker.com/index.joker?mode=support&support_type=support This will contact the registrar about the complaints.

If enough people do this one of these 3 will help us!

Here is the letter:
-----------------------------------------------------------------------

To: hostmaster@supernews.net
CC: hostmaster@uq.edu.au


Subject: www.spews.org

Hello,

It has come to our attention that you may be hosting a site called www.spews.org. As a concerned member of the internet community I thought I might make you aware that the registered person of the domain spews.org is in violation of the registry agreement put in place by the internic for specific legal purposes. There is no valid contact information listed within the registrar or even on the website www.spews.org.

I would hope that you will take these matters seriously and address the issues as appropriate which may include suspending the users account until such a time the information can be updated.

I thank you for your time!

-----------------------------------------------------------------------------

Come on guys ;-)

Emailed! Kudo's to you to come up with this idea.

just emailed and also submited to the form. Notice that you must register in joker.com before posting to the form.

I hope this will result to something!

Hello,

Sorry I just clicked on the link and realized you do have to regsiter via that way.

WORKAROUND: Click support/contact on the lefthand side and scroll to the bottom of the form.

That will let you send it!

-Brian

Originally posted by saintbrie
Antispews.org was a spammer attempting to spam/scam other spammers. The bottom feeding off of the bottom. That's not to say there aren't others who believe the way you do that spews is doing evil. I think it is the owners of the ip netblock (serverbeach) who are not shutting down the spammers listed in spews that are causing the problem. serverbeach put up its AUP, they should adhere to it. Their AUP was one of the reasons I chose their service.

It seems that you are stuck on the idea that one must actually send spam to be labelled a spammer by SPEWS. SPEWS has IP addresses listed that have never run mail services. They also have hundreds of IP blocks listed to try to stop 1 or 2 spammers, yet the spammers can still send e-mail. Their tactics are ineffective and cause much collateral damage.

ServerBeach enforces the AUP very strictly. If someone is spamming, they are shut down. If someone is providing services for known spammers, they are warned and shut down if they do not take action. We cannot take action to prevent IP addresses from being blacklisted if we don't know they are being blacklisted until after it happens.

ServerBeach has a responsibility to serve its customers. SPEWS has no responsibility or obligation to do anything. They do not care who they list or what other damage it may cause, as long as they do not get spam. I feel it is irresponsible for any legitimate ISP to use SPEWS to filter spam. ServerBeach does not condone spam, but it would be irresponsible of ServerBeach to shut down servers simply for the fact that some random entity decided to put an IP address in their so-called spam blacklist. Every spam and abuse issue is researched and verified to be accurate before action is taken.

I have been reading a lot about spam lately. A week or so ago I received a bounce stating that our ip address was an open relay. I knew this was not the case so I had taken the steps to remove our ip from their list.

I think all of the suggestions that have been made are important, but I also think we would be even more successful if we educate current and future users of ServerBeach.

First: As far as spews is concerned. They can be contacted indirectly through the forums listed in the faq section. Place the evidence number in the subject and show evidence that the server that was spamming is dead. That is a start. Keep your business head on and make the request. We may or may not have any luck, but it is a start. Avoid trying to argue with the forum users. Like I said make the request and leave it at that. That is the best we can do regardless of what our personal feelings are regarding that particular service.

Second: We can all start posting howto's on how to prevent spamming. I had never used exim before so I needed to research the steps to be taken to disable relaying. After my cpanel update to the edge release I had to do it all over again. This is a big part of the solution.

Third: Enter your ip address into dnsstuff.com under the heading Spam Database Lookup. If your ip is listed research the list that has you listed. Many times you can be removed. If you do receive a bounced message my suggestion is to contact the postmaster that sent the bounced message. Explain your AUP and that you have taken the steps to be removed but in some cases that is not an option. Respectfully request they add your ip address to their whitelist. Also provide them a link to dnsstuff.com so you can show that you are only on lists where you cannot or it is very difficult to be removed.

Fourth: Limit your outgoing email per hour per user/domain. On an individual basis you can determine by speaking with your user and analyzing log files whether or not this is acceptable use.

Checking your logs regularly with scripts/log analyzers/manually is a very important process for any admin and often overlooked.

As far as servers being shutdown: We all agreed to the possibility of this happening if the AUP is violated. That is a fact. Your customers need to know in your AUP that this can happen. For people hosting shared services this is going to impact all customers on that particular server. If you feel that this will be unacceptable to your customers then I think they need to either go to a dedicated service or research some alternate method of redundancy.

With all that said I think it would be nice if we had a known procedure in the event this happens to one of us. I believe that if this were to happen on my server I would first send out a generalized emergency maintenance email to my customers. Then I would lockdown the ports preventing any further AUP violations. Then I would communicate with the individuals involved to track down the problem and eliminate it.

Anyway just my thoughts on the subject.

There are certainly some listed spam houses still active on ServerBeach. Some are listed here (http://www.spamhaus.org/sbl/sbl.lasso?query=SBL8261). For instance, www.34go.com still uses SB for its NS records, and is hosted on an SB machine.

If SB responds quickly to abuse complaints, these SPEWS and SBL issues will improve in time. Hopefully the situation won't get as bad as it was at Rackspace, where poor abuse desk responsiveness caused major problems.

I see however that these folks (http://www.spamhaus.org/sbl/sbl.lasso?query=SBL9371) have been shut down, which is good news. SB should contact the Spamhaus team (mailto:sbl-removals@spamhaus.org?subject=SBL listing SBL9371 66.139.76.215/32) to let them know.

Dang.

Jeremy, it is good to know that I'm not alone. I'm glad somebody else cares about the neighborhood.

I checked all of the SPEWS level 1 and 2 lists for ServerBeach IP addresses and found that many of the blacklist entries are outdated. In all but one case, the issue was resolved by either removing the offending server or warning the owner of the server to cease spam-related activity. In that one case, the spammer domain has moved away from the ServerBeach network but two DNS servers were still answering queries for that domain, so the blacklist entry stuck. This issue is being resolved now.

"Gone" means we have removed the offender or they have stopped their activity, but SPEWS hasn't noticed yet
"Dead" means SPEWS has recognized that the offender is gone but has not removed the listing

Here are the SPEWS blacklist entries and their status:

66.139.77.74/32 !!!!!!! [2] bulkemailsales, see http://spews.org/ask.cgi?S1829
- Dead
66.139.79.139/32 ! [1] blast4traffic, see http://spews.org/ask.cgi?S2359
- Gone
66.139.76.87/32 ! [1] thetoner, see http://spews.org/ask.cgi?S2396
- Gone
66.139.72.0/21 !!!!!!! [2] Extrahealth/PharmSafe, see http://spews.org/ask.cgi?S2523
66.139.74.0/24 ! [1] Extrahealth/PharmSafe, see http://spews.org/ask.cgi?S2523
66.139.74.199/32 ! [1] Extrahealth/PharmSafe, see http://spews.org/ask.cgi?S2523
66.139.77.0/24 ! [1] Extrahealth/PharmSafe, see http://spews.org/ask.cgi?S2523
66.139.77.15/32 ! [1] Extrahealth/PharmSafe, see http://spews.org/ask.cgi?S2523
- Hosting DNS for hghfreeshipping.com, 24 hour notice to correct issue
66.139.77.138/32 ! [1] Adultbillings/orgycorner/e-bulk/easyboy/pilotholding/bbasafehost, see http://spews.org/ask.cgi?S2547
- Gone
66.135.32.0/22 ! [1] midnightmailer, see http://spews.org/ask.cgi?S2694
66.135.34.0/24 ! [1] midnightmailer, see http://spews.org/ask.cgi?S2694
66.135.34.73/32 ! [1] midnightmailer, see http://spews.org/ask.cgi?S2694
- Gone (suspended 2003-07-28 00:52:00)
66.135.33.72/32 ! [1] bulkmails, see http://spews.org/ask.cgi?S2717
- Gone
66.139.76.128/25 !!!!!!! [2] super-zonda/transzamba, see http://spews.org/ask.cgi?S2738
66.139.76.215/32 ! [1] super-zonda/transzamba, see http://spews.org/ask.cgi?S2738
- Gone
66.139.73.192/27 !!!!!!! [2] nitro-net, see http://spews.org/ask.cgi?S624
66.139.73.211/32 !!!!!!! [2] nitro-net, see http://spews.org/ask.cgi?S624
- 66.139.73.211 was hosting DNS/MX for nitro-net, but nitro-net has moved out of ServerBeach
66.139.73.88/32 ! [1] Dean Westbury, see http://spews.org/ask.cgi?S2679
- Gone
66.135.32.87/32 !!!!!!! [2] Print Doctor, see http://spews.org/ask.cgi?S533
- Dead

As you can see, we do take care of the issues as we are made aware of them. Many off the offending domains listed above have been removed from our network for weeks or months.

-knightfoo

66.139.72.0/21 !!!!!!! [2] Extrahealth/PharmSafe, see http://spews.org/ask.cgi?S2523
66.139.74.0/24 ! [1] Extrahealth/PharmSafe, see http://spews.org/ask.cgi?S2523
66.139.74.199/32 ! [1] Extrahealth/PharmSafe, see http://spews.org/ask.cgi?S2523
66.139.77.0/24 ! [1] Extrahealth/PharmSafe, see http://spews.org/ask.cgi?S2523
66.139.77.15/32 ! [1] Extrahealth/PharmSafe, see http://spews.org/ask.cgi?S2523
- Hosting DNS for hghfreeshipping.com, 24 hour notice to correct issue


Update: this one has been corrected as well.

That is splendid work -- well done. Not only does this sort of response mean that blacklist problems are likely to get cleared up, but it also means that spammers will move elsewhere once they realise that using ServerBeach is not effective for them.

I would also suggest that you remove their DNS records from your DNS servers. That way, you're not providing them with any services anymore. Here is an example of some DNS records that you should probably remove:
www.34go.com. 86376 IN CNAME 34go.com.
34go.com. 86376 IN NS ns1.geodns.net.
34go.com. 86376 IN NS ns2.geodns.net.

34go.com. 86380 IN A 66.139.77.75

If you haven't posted this to NANAE, then it would probably be a good idea to do so. Of course, NANAE is a pretty scary place... the main trick to surviving there, I think, is to just post the outcomes of your investigations, and then not get involved at all in the discussion that follows.

I have noticed that posting to NANAE can expedite the removal of addresses from the spews blacklist, as long as effective action has been taken.

Originally posted by Jeremy Howard
That is splendid work -- well done. Not only does this sort of response mean that blacklist problems are likely to get cleared up, but it also means that spammers will move elsewhere once they realise that using ServerBeach is not effective for them.



It also goes to show how far behind SPEWS is. You would think that since SPEWS is so powerful, they would at least keep their records updated. Or is it another one of those "I'm the big guy now so I don't care" type thing?

Before now, I had never even heard of SPEWS, and I don't consider them big by any means. I haven't had much of a problem with email and haven't had anything bounce yet; although I don't have a large quantity of mail coming through either.

I don't even know of anyone that uses them. Most of the other admins I know use spamassasin with spamhaus and other big name lists.

Hey Serverbeach staff: (I also sent this as an e-mail!

SPEWS Blacklist Removal Info for 66.135.34.150



We block IP's because certain Service Providers do not actively defend their network from worms, open proxy viruses and network abuse. By allowing 66.135.34.150 on our network, we may jeopardize our ability to do business. By even using 66.135.34.150, you may be exposed to damages, as a result of this prior poor maintenance.

Your ISP knew about the problems with 66.135.34.150 when they assigned it to you.

Info: [1] midnightmailer, see http://spews.org/ask.cgi?S2694

To have this listing removed from SPEWS, the Service Provider responsible for the IP address 66.135.34.150 needs to post a message to the news.admin.net-abuse.email newsgroup, quoting the reference S2694, and let them know what has been done to fix the problem. If the reason for the listing has been fixed they will normally immediately remove the listing from the SPEWS. If you are planning on moving ISP's, you can name the ISP, the IP's and post a timetable, and they may open up the temporary range for that period of time. The faster the move, the more likely they will do this (1 week is acceptable). Remember, your ISP was told about this listing - and they knew about it when they gave you the IP address.

We would suggest sending an email to ipadmin@serverbeach.com. Pasting in the exact information above information, as well as any other documentation you have on this issue.

Please check my previous post for a list of all SPEWS blacklists and their status. 66.135.34.0/24 is one of the netblocks where the problem has been resolved but SPEWS has not yet removed the block.

-knightfoo

I saw your previous post; I got that off of zoneedit's website....they don't let you link dns to a site listed on spews (which is beyond me). I don't understand why not, if spam, why spews then? Why not a reputable blacklist?

Oh well,

-Brian

I think you are doing what spews want in this moment. Giving to them too much importance.

Now a little test:

How many of you (mail server owners) use spews or other blacklists for blocking spam?

Please give an answer.

I'll count votes.

Thx

I use realys.ordb.org

I might switch to spamcops though.

Another thing

I just checked dnsstuff.com for my IP address. I was listet (all the SB subnet of course) in 4 of 150 Blacklists.

Lets say i was listed in 2% of all blacklists (hope that dnsstuff has all blacklists of the world in that list)

Now tell me what blacklist u use in your mail server? And how you can be sure that blacklist that you are using is better then another one, or more refreshed, or more accurate...

This inflation of blacklists is normal. Because this is a idiot strategy againts spam. With no authority in this field, an anarchy is created.

You are noone, and you want to create a business? Very good. Create a blacklist (and disturb someone :) )

Well ordb just blocks open relays. It is very easy to get off it - if you are a systems admin and you close your box down tightly. It probably isn't as good as some others (lets more spam through) but atleast i don't have to worry about having a message getting deleted.

I completly agree with your last sentece. Is really more important to get an important mail. If you get some spam also, bad, but not a big problem. A big problem exist if you dont get that important email.

I have checked ORDB and i think is much better then the others. But anyway i dont trust blacklists. I think using a software is much better. There you can customize everything with some parameters. Ok, i know, you can get spam in that mode, but also with blacklists you can get spam. But with the software you nearly dont loose any important email.

Regards!

I got the ultimate solution. This is my policy; I don't use any filters or filter blacklists, end of story. Why? Answer: they are never 100% accurate. If my customers want to use their own filter on their Email client (IE: Norton Internet Security), they are more than welcome. I am not responsible for some jerk sending my customers Email. If some one sent you junk postal mail, do you go blame the post office? Do you expect them to accurately filter your mail? If I had an IP address that was blacklisted, well too bad. I can't control people who want to add my IP's to their lists. It is the responsibility of the Email recipient to let their ISP know they do not wish them to use a blacklist. If the ISP doesn't listen, move on. I will be happy to take on more customers. I don't use filters, just good ole fashion Email. Likewise, if any SB IP is on a blacklist, that's the way it goes. Here's the deal. No one is perfect. That being said, An open relay will always happen, almost all by accident. SB may boot someone for a service violation, but they can't until a service violation has been committed. So if someone wants to blacklist a SB IP, go for it. Those who use blacklists are only hurting their business. But I would say, it IS NOT SB's responsibility:cool: Those of you who have clients who can't get any Email because of a blacklist, I suggest you tell your clients to look for an ISP who don't use these blacklists. In fact, I always make it a priority to mention this before I obtain a long term account.

Originally posted by awsolutions
[B]I use realys.ordb.org

I might switch to spamcops though.Don't: http://jhoward.fastmail.fm/spamcop.html

Very interusting article - I like how according to their own ratios their site should be blocked too!

Originally posted by awsolutions
Very interusting articleThanks - glad you enjoyed it. :)

Originally posted by awsolutions
Hello guys,

First off saintbri:

I do not condone spam! I do however don't condone my entire IP space being blocked by a third party instead of a single IP address! Understand the reason I am up for this fight - not to protect spam, but to protect my access.

QT:
Thanks for the support!

Everyone else:
Ok, I have prepared a letter. The only real thing we can complain about right now (legally I believe) would be the lack of legal information in the registrar. After all people are voluntarily using the spews DB as an e-mail filter.

Here is what I propose we do:
1.) Read the below letter and send it to the two below e-mail addresses
2.) Copy and paste the below letter into this form: https://joker.com/index.joker?mode=support&support_type=support This will contact the registrar about the complaints.

If enough people do this one of these 3 will help us!

Here is the letter:
-----------------------------------------------------------------------

To: hostmaster@supernews.net
CC: hostmaster@uq.edu.au


Subject: www.spews.org

Hello,

It has come to our attention that you may be hosting a site called www.spews.org. As a concerned member of the internet community I thought I might make you aware that the registered person of the domain spews.org is in violation of the registry agreement put in place by the internic for specific legal purposes. There is no valid contact information listed within the registrar or even on the website www.spews.org.

I would hope that you will take these matters seriously and address the issues as appropriate which may include suspending the users account until such a time the information can be updated.

I thank you for your time!

-----------------------------------------------------------------------------

Come on guys ;-)


Here's a reply I received in reply of sending the above mentioned:

To: (emails removed for privacy)
Subject: Re: [ITSC #1471] spews.org


Your request #1471 was resolved by matthew:


This is not a UQConnect issue. Please address it to the relavent
registar.


Thank you

Matthew

Looks like some info has been updated regarding SPEWS...they now have (supposed) valid info. (looking up the 'whois' on joker.com)

Here is my take on the whole Spews issue.

Its not my issue as a SB customer. It is SBs issue as a provider. If my IP is blacklisted by it because of the actions of another SB customer, SB should do everything within their power to immediately move me and any other customers concerned by this to an address space that is not blacklisted. If they do not, then they are not providing a complete and viable service to the customers.

I realize that there are alot of people that will think that I am being unfair to SB, but if I am paying for a service I shouldnt have worries about things like this.

Silicon Junkie,

Please read the atleast 6 other pages about spews before making an un-educated opinion -

SB does everything in their power for spews - spews does not have any way for SB to contact them and SB is at the will and mercy of a bunch of pissed off, unprofessional, heat-headed people who run such a list.

I believe SB personell have explained this - I have - and atleast 8 other members have.

Any further post about spews should just be simply ignored since it is simply going to be regurgated information.

Silicon Junkie,

Please read the atleast 6 other pages about spews before making an un-educated opinion -

SB does everything in their power for spews - spews does not have any way for SB to contact them and SB is at the will and mercy of a bunch of pissed off, unprofessional, heat-headed people who run such a list.

I believe SB personell have explained this - I have - and atleast 8 other members have.

Any further post about spews should just be simply ignored since it is simply going to be regurgated information.

Thats my opinion!

Still not my issue as a SB customer. It is their issue as a provider. It really is that simple.

I want to show you something important. Read carefully this:

--------------------------
SpamCop BL is a system that is widely used by email providers for blocking email which may be spam. <b>However, providers using this service are blocking up to 10,000 legitimate emails sent to their own customers, for each spam they block. </b>SpamCop BL is a system that is open to abuse, and can be very inaccurate. SpamCop BL advises on their home page that production sites should not use the service - email providers that ignore this advice are causing problems for their own customers, while wasting the time of mail abuse departments that would be better spent fighting spammers.
----------------------------
From: http://jhoward.fastmail.fm/spamcop.html


I dont think this is an SpamCop issue. This is a blacklists issue. Just think about that: 10000 valid emails blocked for 1 spam email.

Is just the same as you kill 10000 persons because one of them was a criminal.

lol

Someone has juridical education here?

I love that technical contact

http://assured.cx/

Wow, what a great company it looks like.... NOT!

--dan

This might be of interest :)

http://www.serverbeach.com/forums/showthread.php?s=&postid=2605#post2605

-knightfoo