Blacklist MadnessI have been losing incoming mail (apologies if you have written to me and I haven’t replied). No mail from Wanadoo has been reaching my west-penwith.org.uk addresses.
Wanadoo, formerly known as Freeserve and soon to become Orange, is one of the largest ISPs in Britain; possibly in Europe as well. Despite its rather poor customer service reputation, it is very popular with low activity users, which is why most of the rest of my family, my church, and many friends use it. I wrote to my hosting company (DotEasy.com) and they said that
Wanadoo’s email server is black listed by spambag.org
The address in question is 193.252.22.157. When I queried this, because I deliberately do not subscribe to their anti-spam service preferring to handle it myself, they said
Doteasy does not use spambag.org
but that
Wanadoo.co.uk is appearing on our external relay blocking list, which includes more than one external spam blocking database. We are unable to “unblock” IP addresses that appear on this list.
I am not sure that I believe them but there is little more that I can do (except walk).
I also wrote to Wanadoo (in my role as Technology Manager for my church) and they said that they are
in contact with several well-recognised blacklisting organisations
but not with the
smaller providers such as Spews who do not provide contact details
(not mentioning Spambag.)
The feature of the blacklist in question is called a backscatter list. Spam often includes forged return addresses. If a mail server rejects the spam, some send a “bounce” to the reply address which ends up at an innocent third party rather than the spammer. This is backscatter and Spambag operates a “shoot first and ask questions later” policy listing whole domains and address ranges.
So where does that leave us—an unaccountable organisation (Spambag, just one guy and his vendetta) working with an unknown infrastructure organisation is blocking legitimate mail between my friends and me. Spambag justifies his actions on the grounds that he is entitled to block whatever he likes from his network and I agree. However he has also taken positive action to make his list available to anyone else and they have implemented it at random and unknown points throughout the internet. This is lunacy.
The real lunacy is that blacklists don’t work at all because the lister cannot keep up with the rapidly moving spammers; much spam comes from compromised user’s machines; blacklists penalise the innocent—they have no, or very little, control over their ISP and are often unaware that there is anything wrong. Blacklists are what has made email an unreliable form of communication and have caused a lot of disillusionment for Joe Public about the internet revolution.
In the mean time, for those who can’t get an email to me, I will put a Form Mail page on here as soon as I can find one written by someone who knows more than how to put two semicolons together.
Webmaster
The email form is now available. (I had to hack most of it myself).
Good news—I have heard from DotEasy again and they have said that they have
I have contacted my family and they now seem to be able to get through. I don’t think that means that they have stopped using these evil blacklists, but at least it shows that they are in control of them. The moral is ALWAYS COMPLAIN.
I am working on an improved version of the email form which I may publish.
For the record:
Blacklists are NOT evil – they are USEFUL!
Wanadoo is not on the Spambag email because of “one guy and his vendetta” – here is what Sorbs (a very reputable blacklist maintainer) has to say on Wanadoo:
Netblock:
193.252.22.0/24 (193.252.22.0-193.252.22.255)
Record Created:
Fri May 6 08:12:34 2005 GMT
Record Updated:
Tue May 22 14:50:29 2007 GMT
Additional Information:
Escalation listing. DIPSI spam through Wanadoo relays; lack of response to complaints; lack of response to multiple /32s being listed; spam continues
So, in fact, SpamBag seems to be right.
For the record: Wanadoo does not just have a poor reputation for customer service only.
On the other hand:
Not having the freedom to control the way you handle, and filter, spam, sucks too.
The best way around that is to select an ISP that allows you to parameterise your owm spam filtering for your mailbox. While I do not know about the UK ISP market, these Internet providers DO exist in my neck of the woods (The Netherlands – and it is called XS4ALL).
I do not know if Demon Internet is still active in the UK (in the Netherlands, they have been acquired by XS4ALL), but if they do, that would be my bet. When they were still around as an independent entity in the Netherlands, they were one of the three best ISP’s in this country.
You state: Blacklists are what has made email an unreliable form of communication and have caused a lot of disillusionment for Joe Public about the internet revolution.
Sorry, but I have to strongly disagree (which is a polite way of saying “this is utter drivel”).
The correct statement is: SPAM is what has made email an unreliable form of communication and has caused a lot of disillusionment for Joe Public about the internet revolution.
Up to today, I have not heard anyone complain about blacklists. The number of people that I hear that complain about spam, however… Ah, don’t get me started.
Your problem is not blacklists, or Spambag. Your problem is your ISP and the ISP of most of the rest of my family, my church, and many of your friends. Your ISP does not know how to handle spam filtering, which, while understandable, isn’t top-notch. The worst part is: the ISP of most of the rest of my family, my church, and many of your friends doesn’t even have a clue about how to stop people from using the email servers in their domain to relay. That is nothing less than a bloody shame.
I cannot blame you for complaining – but I do find it rather, um, harsh that you blame the people (the blacklist maintainers) who are trying to contribute to a solution to the real problem: spammers and irresponsible ISP’s.
For the record: I am not an ISP, nor am I a blacklist maintainer. I am just an Internet user who just so happens to know a bit of his stuff.
regards
peter
peter
Thanks, Peter, for a very interesting response. In many respects I agree with you. I was, to some extent, exaggerating, and of course the fundamental problem is the SPAM followed closely by ignorant ISPs. The problem with the blacklists is not particularly that they exist but the way they are used, primarily by the ISPs mentioned.
The ISPs are guilty on at least three accounts. First they don’t manage their users properly allowing them to be (probably unwitting) spam generators; it should be fairly simple for them to monitor, detect and block suspect OUTBOUND traffic from their own network and follow up with an account enquiry. Secondly they need to be actively responsive to the abuse system which is required by the RFCs and, finally, as you say, they need to manage their incoming filters more intelligently.
True, those of us in the know, can pick an ISP that is better at meeting these requirements but the average PC user just goes with the one that comes pre-installed or from a CD picked up in a supermarket. They don’t stand a chance.
I do, however, stick with my condemnation of spambag.org. I haven’t looked at Sorbs policy, but his is just stupid. He will not respond to any correspondence from whatever source. I cannot tolerate a dictatorship, however benign of intent. Perhaps, on reflection, I should amend my statement that all blacklists are bad to all blacklists in the hands of monkeys are bad. Major ISPs blocking each other arbitrarily is playground diplomacy.
However much spam there is does not stop my email getting through – it may be obscured by a heap of junk, but it will get through. With the blacklists in position I have no idea whether it will make it or not.
BTW: Wanadoo is now known as Orange – a company I am sure you are familiar with. They are currently around no. 8 on the MAPS Rogues gallery – so no improvement there since I wrote this post in late 2005.
An interesting commentary can be found here http://www.theregister.co.uk/2007/07/08/blacklists_are_baaad/
The discussion was very interesting above. After fighting spam at an ISP for 8 years and making my escape to a smaller network, you both have valid points.
I would like to point out that blaming the maintainers of the blacklist is nieve – if qualified blacklists didn’t exist, worldwide spam would be much worse. My biggest peeve is with the ISP’s that don’t block their customers connections to other networks mail servers.
You might say this is blocking your legitimate right to use your connection is a way you wish, but face it, the number one cause of spam is not the blacklist maintainer, not the ISP, but the neophyte internet user who doesn’t put a decent antivirus program on his computer. The botnets used to send spam these days are a direct result of people not taking responsibilty for their own computers. So, the blame goes right back to the users, the guys that cry loudest when their email doesn’t get thru.
Pitty the poor ISP op, the guy that gets beat up no matter what he does.
If he lets all the tripe through – he gets beat up because “there is too much spam”. If he’s proactive and uses blacklists and blocks to cut down on the spam, he gets beat up cause Aunt Mables recipe for Frog Soup didn’t arrive.
Yes, you NEED to tell the ISP when valid email is blocked. A blanket threat to dump em cause they use a blacklist is harsh. Remember, they probably had to do extra setting up a server to handle spam – simply setting up a server with defaults to accept EVERYTHING require no work and absolutely no intelligence.
Just a view from the other side of things. I hated getting those phone calls with people saying they were going to jump ship because 1 email didn’t get through. The next call was someone complaining about too much spam.
Thanks for your contribution John. I think I made it clear that I don’t blame the blacklist maintainers for doing the job that they do, but the ISPs that use them thinking that they will solve all their ills by installing them blindly. BUT the blacklist maintainers do need to maintain their credibility and to do this they need to communicate and be seen to act fairly, preferably working with the ISPs on both sides to solve problems. When you were working at the ISP did you communicate with these guys? Did you get any help from them?
I don’t think you can pass the blame on to the “neophyte internet user” either. The quality of machines sold is improving but is still not good. The ISP ought to be capable of monitoring their own customers and detecting the zombies. A bit of traffic analysis should be able to isolate them. Then they can work back with the user and solve the problem even if it means cutting them off (with an explanation) until it is fixed.
And btw, I didn’t say I would be jumping ship because 1 email didn’t get through; blocking of this sort means that NO email gets through and I just can’t live with that. Thankfully they agreed and I am still with them. Overall they do a grand job.
Hello…I Googled for block my ip address, but found your page about Blacklist Madness…and have to say thanks. nice read.
I agree with your first statement about these Anti-Spam organisations.
Who the hell gives them the right to do what they do? I blame the ISPs for NOT doing the job themselves and then for signing up to these Anti-Spam lists.
I am trying to send valid emails to Blueyonder and Hotmail users and they are bouncing. I use a well known Internet security suite, as well as several of the free checkers. I scan my system regularly and keep it free of viruses etc., and still I get blocked.
I’m just a guy trying to get on with his life, but these jokers are dictating the internet to the rest of us innocent users.
I’d rather handle the Spam using my own software than have legitimate email get stopped by unauthorised “organisations” (except I too think it’s some guy in his back bedroom). They cause more distress than any spam I’ve ever had.
I see there is still anarchy out there. This is an interesting article by a small ISP abuse manager http://isc.sans.org/diary.html?storyid=7780&rss