New blacklisting

Avatar forum:rko 14 years, 7 months ago

We all know about SPEWS but now I found myself from another blacklist due to The Planet spammers:

FIVETEN/theplanet.com.spam-support: added 2004-02-29;

hosting http://www.arcadetown.com on 69.56.207.202; added 2004-04-25;

hosting http://postfuture.com/pfweb/ on 64.5.35.0/24; added 2002-10-17;

spam support - listwashing, refusal to remove spammers; added 2003-06-21;

called theplanet +1-214-782-7802 - abuse person never returned the call; added 2003-06-28;

called theplanet +1-214-782-7802 - told them about the SBL and SPEWS listings;

added 2002-10-17;

spam support - see http://groups.google.com/groups?selm=ur … put=gplain">http://groups.google.com/groups?selm=ur7uqu0mjfgd9k21tonfdb8eqkn1t2kea4%404ax.com&oe=UTF-8&output=gplain

12 Replies

http://www.dnsstuff.com/ is good for looking up what lists IPs are on.

The spam database lookup checks 150 odd lists

Adam

So is www.openrbl.org. That's where I noticed the segment being added to another blacklist.

Thanks for the link; I just found out that by virtue of being hosted at Hurricane Electric my linode is listed on two spam blacklists: BLARS and SPEWS2. Just great :roll:

… and sure enough one of my more important e-mails has just been bounced thanks to he.blackholes.us. This is a serious bugbear for linode.com methinks…

I have just checked mine.

3 positive hits blackholes.us, spews and blars on the 66.220.1/24 range

Same on the 64.62.190/24 range

Looks like there have been alot of banned ranges

http://spews.org/html/S2100.html

Blars is just a joke.

This really does not sorting out.

Am I the only one to has a hard time taking such black-lists seriously ….. ?

Bill Clinton

I doubt that (no offense), but you will have a "soft" time taking them seriously when you (or your clients using your linode) cannot send emails to some addresses … e.g. I cannot send emails to 2 of my friendds that are now at cambridge (uk) because the cambridge mail server uses a blacklist that has banned my mailer ip (not linode).

@Matthew Lloyd:

Thanks for the link; I just found out that by virtue of being hosted at Hurricane Electric my linode is listed on two spam blacklists: BLARS and SPEWS2. Just great

My HE linode on the 66.160.141 isn't listed in any blacklists according to the tests at dnsstuff.com.

Heh, I love this comment from BlarsBL…
@BlarsBL:

In general, an entire netblock is added rather than just a single IP or customer of a larger ISP. (For example, if hugeisp has a /16 that they allocate a single /24 to spamcustomer, the /16 will be listed rather than just the /24.)

Anyone using BlarsBL to block incoming mail should expect to lose legitimate mail. Similarly for SPEWS.

I, personally, use the following blacklists in postfix:

rejectrhsblclient dsn.rfc-ignorant.org,

rejectrhsblsender dsn.rfc-ignorant.org,

rejectrhsblclient postmaster.rfc-ignorant.org,

rejectrblclient relays.ordb.org,

rejectrblclient sbl.spamhaus.org,

rejectrblclient proxy.bl.gweep.ca,

These guys appear to have a clue and don't have a habit of listing innocent parties.

http://www.dnsstuff.com/tools/ip4r.ch?ip=70.85.31.80

FIVETENIGNORE LISTED (127.0.0.7) Reports CNAME of theplanet.com.spam-support.blackholes.five-ten-sg.com.

TXT= "added 2005-02-26; spam support - see http://www.projecthoneypot.org/board/re … &i=38&t=38">http://www.projecthoneypot.org/board/read.php?f=8&i=38&t=38" 77089 seconds 0 ms

http://www.five-ten-sg.com/blackhole.ph … rch=Search">http://www.five-ten-sg.com/blackhole.php?ip=70.85.31.80&Search=Search

OMFG! I think SBLs are over reactive.


http://www.dnsstuff.com/tools/ip4r.ch?ip=67.18.176.199

Same thing.

I just recently tried to post to a mailing list which I subscribe to, and noticed that the listserv in question was rejecting mail based on a DNSBL hit (which was unspecified).

Even after jumping through all the operator's hoops and receiving a promise that he'd whitelist my address, he did absolutely nothing.

The only lists I'd recommend would be Spamhaus SBL and XBL, and perhaps dul.dnsbl.sorbs.net if you don't want unauthenticated traffic from dynamic IPs. SPEWS et.al. should be used for scoring/tagging, IMHO.

The spews levels 2 list is not supposed to be a mail blacklist.

It's a political tool, and a very effective one at that. Any for profit organisation that

blocks mail based on the spews 2 list is crazy. Anyone else should know how much

they are blocking before choosing spews or any other blacklist for that matter.

As a political tool spews works really well and the reactions on this board prove that.

Everyone is pissed off at the spews listing, myself included.

We all go and moan to caker.

Caker moans to HE.

If they get enough complaints from paying customers and they will stop providing

service to anyone who even half looks like a spammer.

The spammers have one less place they can setup shop. Everyone wins.

Now if only we had some similar system to block sales calls from dodgy indian callcentres

the world would truely be a better place.

Actually, my Linode is on The Planet, and the blacklist is the five-ten-sg list, not SPEWS. Still, good point there.

All blocklists are stupid, there is way too much collateral damage to make them even worth running, anybody who uses them should seriously reconsider. Then the problem compounds when 99.9% of them are political lists and not functional lists.

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct