Closed Bug 270290 Opened 20 years ago Closed 20 years ago

hediond mail trap

Categories

(mozilla.org Graveyard :: Server Operations, task)

Product:
mozilla.org Graveyard
Component:
Server Operations
Type:
task
Priority:
Not set
Severity:
blocker

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: mikelima, Assigned: myk)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0

One of the things causing more harming to the web, apart from spammers, are
those IP black lists used by many anti-spam programs, like the one used by mozilla.

An IP Black List is a confirmation of one's total incompetence to deal with spam
and is not a serious solution to block spam at all, as statistics prove.

Idiots on control of those lists are arrogant and agressive and accept no
explanation from no one. They simply scan the web looking for dial up and
dynamic IPs and block them. The ignorance of this act is blocking legitimate
users using the web. As far as I know, 90% of users accessing the web, uses
dynamic IPs, dial up accounts, regular phone, isdn, adsl and cable modem. 

I am on the web since 96 and never spammed. I file bugs for mozilla for a long
time, but today, trying to send a suggestion to webmaster@mozilla my mail
bounced back with the following message.

SMTP error occurred while sending message to following recipient(s)

webmaster@mozilla.org

550 Service unavailable; Client host [213.13.19.71] blocked using
dynablock.njabl.org; Dynamic/Residential IP range listed by NJABL dynablock -
http://njabl.org/dynablock.html

I have checked my Ip on the idiots at NJABL and the ip IS NOT ON THE LIST. That
means that the whole block of IPs, that is, 213.12.19.1 thru 255 are blocked.

Checking on another black list I discovered that entire YAHOO MAIL is blocked!
Combating spam this way is really very easy. So, lets filter *.*.*.*
and we will finish spam!

I agree by blocking a guy by domain, but when you block a nameserver, a dial up
account a dynamic Ip, you block people who has nothing to do with spam. Real
spammers exploit sites, specially using NukePHP to send their spam and are never
caught.

I think people should be aware of two major problems on the web, relating to
email: spammers and black lists.

Sorry if I sound agressive. I have nothing against Mozilla, on the contrary. I
use Netscape since 2.xx and I am doing all effort to spread word of mouth about
Mozilla/FIrefox... but I am very upset. Those guys are blocking the entire web
and I am not seeing any spam decrease.

So, please considere turning off filter by IP on your mail server.
thanks and continue good working!

Reproducible: Always
Steps to Reproduce:
1.
2.
3.
just look at the message

Dynamic/Residential IP range 

and think about it...
Assignee: mozilla.webmaster → myk
Component: webmaster@mozilla.org → Server Operations
QA Contact: daniel.bugmail → justdave
The IP address 213.13.19.71 belongs to a residential ADSL modem, according to
the ISP that hosts that IP range.  Residential customers are not intended to
deliver their own mail, that's what you're ISP's mail server is for.  Use it.

I would be an idiot if I accepted mail from residential IP addresses because
spammers almost always use zombie machines to send spam these days, and the
zombies are almost all on residential IPs (because home users don't have a
corporate IT department to detect and clean up after them, and unfortunately, a
good chunk of them aren't as smart as you to be able to keep up on it themselves).
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → WONTFIX
ok. I gave up.

1) if you block dynamic IPs you block 90% of users. So you keep talking to
companies that are nice and do not spam (haha.. how naive...)

2) mozilla org can continue talking to those nice guys, alone, as daily less
people can communicate with mozilla. Someone of you have a site? are it hosted
anywhere? have you checked its IP on those lists recently? and what about the
nameserver IP of your ISP? and what about the netblock?

3) do you plan to use a cybercafe in the future, when you are out of your base
to send an important email? forget it. they are blocked. Kinko's? forget it.

4) ah, you are a smart guy, your phone uses 3G... ooopps, your phone uses mobile
connection? perhaps wifi? sorry, you are blocked. WIFI uses dynamics IPs too...

5) I suggest carrying your fixed IP on your pocket, if possible, you will need
it in the future to send emails to mozilla org. Better, install it at home and
brings the wire with you on the streets... you will need that fixed ip... but
even if you have a fixed IP, pray harder... if some spammer uses any IP on the
same netblock you have your IP, you are terminated...

6) really, I have to recognize that the smart guys who had the idea of blocking
all residence ips to stop spam are really doing a great job. Spam levels are
decreasing daily. I see no one complaining anymore. Good job. Levels are near
zero now... and decreasing... nobody needs any anti-spam or anti-spyware
anywhere. We are finally free after that spectacular solution of blocking IPs,
netblocks and even continents (entire ASIA is blocked on some of those lists).
Great! Someone planning to visit ASIA? Take a pigeon with you... you will need
that to communicate...

7) using the same smart principle, I sugest arresting everybody from branches
like Bronx, Queens, etc., in NY and from East LA, we will stop criminality. Why
those idiots on government never tought that before!!!!!!!!

8) the worst about smart people is that they never recognize they are wrong and
never accept any argument.

regards and good blocking.
what's so hard about using your ISP's mail server?

ISP includes the cybercafe in your example.  Most personal ISPs offer remote
authentication for the SMTP servers.  Use it.

Your numbers are not correct.  Less than 1% of legitimate mail is delivered from
a dynamic IP address.  90% of users are on dialup, but the vast majority of
those users use their ISP's mail servers.  ISPs do not block their own
customers, they only block dynamic addresses outside their network.  That's the
whole reason blocking dynamic addresses is effective.  Most ISP *volunteer*
their dynamic address space to the dynamic address blocklists ON PURPOSE because
they want their users using their SMTP server in order to better catch spammers
using their network.
Just to make sure that's clear, we do not block mail that *originates* on a
dynamic IP address, we only block mail whose last hop before reaching us is a
dynamic IP address.  i.e. if you are on a dynamic IP address, and your computer
connects directly to our computer, we will reject your mail.  If your computer
connects to your ISP's mail server, and that mail server then connects to us, we
will not reject it.
The reason why I use my own server running on my computer is simple: those
volunteers you mentioned, put the nameserver which serves the network I am
hosted on the black list and that nameserver is also the mail relay of the
network on that ISP (note that it is not an open relay). The interesting about
that is that the nameserver was put on the list due to 1 guy with a
vulnerability on NukePHP that was used for 2 days to send spam. Even after that
vulnerability was removed the same kind volunteers refused to take the whole
block from list unless a $50 dollars fee is paid. 

Even if those volunteers drop the nameserver IP from the list it would not help
too much. Verifying deeper, I discovered that the entire netblock was put on the
list. Note that the netblock do not belongs to my ISP and is owned in fact by my
ISP's ISP!

Contacting the volunteers, I was received with arrogance, prepotence and
ignorance and they refuse to drop any IP from the list. They simply recomended
me to change to another ISP. Change to another ISP? They cause damage to people
that has nothing to do with spam, hijacks the IP of the network you belong, asks
for a ransom of $50 per incident and you ask me to use my ISP mailserver...

My servers have everything identified, including SPF records on DNS table, that
just a few around is using actually.

Sorry, but I am tired of discussing about this theme. You said that 1% of
blocked mail are valid. Ok, I am on that 1%. Let's simply accept this. The only
thing I have to say is: if you create a system that cause damage and losses to
spammers and that system causes damage to ONE (not 1%) valid user non spammer,
than your system is a total failure. If we use that 1% principle, so we can
justify everything. If a man shoot against a crowd using a machine gun its fine
unless it keeps casualities at 1%!!!!!!!

I simply do not agree with that. As I said, some of those lists block entire
ASIA, and I am not talking about dial up accounts. Do you find it right? 

The only way I have to communicate with mozilla now is this form. Take this out
and will never hear from me. As me, I am sure that as me, many people are
blocked. Mozilla pages estimates that 10 million people downloaded firefox. 1%
of that is 100,000 people blocked.

regards
(In reply to comment #6)
> The reason why I use my own server running on my computer is simple: those
> volunteers you mentioned, put the nameserver which serves the network I am
> hosted on the black list and that nameserver is also the mail relay of the
> network on that ISP (note that it is not an open relay).

What's the IP address of your ISP's mailserver?  If your story is accurate I
would bet it's not on the blacklists that we are using.

The dynablock list doesn't charge for removals, they only require contact from a
network admin listed on the whois record for the IP address.

Not all blacklists are ethical or reliable.  There are MANY choices to be made
when choosing which blacklists to use.  We attempt to use only blacklists that
have proven track records and minimize collateral damage.

If your ISP's mailserver is on one of these less reputable lists, then I would
blame it on the recipient's ISP for blocking it.  Dynablock is not one of those
less reputable lists however.

I just ran your personal IP address against a script I have that looks up IP
addresses in almost every known blacklist on the planet.

IP-based Blacklists:
               dnsbl.sorbs.net: Yes - 71.19.13.213.dnsbl.sorbs.net -> 127.0.0.10
                                Dynamic IP Address See:
http://www.dnsbl.sorbs.net/lookup.shtml?213.13.19.71
           dynablock.njabl.org: Yes - 71.19.13.213.dynablock.njabl.org -> 127.0.0.3
                                Dynamic/Residential IP range listed by NJABL
dynablock - http://njabl.org/dynablock.html
               t1.dnsbl.net.au: Yes - 71.19.13.213.t1.dnsbl.net.au -> 127.0.0.2
                                213.13.19.71 See
http://www.dnsbl.sorbs.net/cgi-bin/lookup?NAME=213.13.19.71
           work.drbl.croco.net: Yes - 71.19.13.213.work.drbl.croco.net -> 127.0.0.2
Blacklisted by 4 out of 118 DNSBLs tested.

All four are showing Dynamic IP as the reason for listing.  There are no lists
whatsoever flagging that IP address for open relays or spam.
My mail server in theory is doispontos.com, IP =  67.19.94.98. But this, as far
as I know it is the same IP of the nameserver r1.myhostcenter.com. That is the
problem. They blocked this IP and this IP is shared by hundreds of domains on
the same network. I have several domains in my server, but I know there's many
more hosted by Surfspeedy sharing the same nameserver. So, as the nameserver is
the mail relay (not open) for everyone on the network, we are all blocked.

Surfspeedy (my ISP) is hosted on The Planet. If you search deeper, you will see
that also the dynablock used by surfspeedy and probably hundreds of other ISPs
are blocked too.

If you click on the link below
http://www.dnsstuff.com/tools/ip4r.ch?ip=67.19.94.98
it will show you one list where the dynablock is listed.

This is my server, where I store my sites. Let's talk now about the ISP I use to
access the web. Follow the link below

http://www.dnsstuff.com/tools/ip4r.ch?ip=213.13.27.167

and you will see that it is also listed.

I have 3 options, all blocked:

1) use the servers I have on Surfspeedy (blocked)
2) use my access ADSL ISP mail server (212.55.154.36) = blocked
3) use my own server running on my machine at home (blocked)

So, it is impossible to me to send mail to mozilla. 

The problem with these lists is that you give power to guys that do not know how
to manage it, so they become arrogant, intolerant and agressive. 

I hate spam as much as everybody. I receive 200 **** emails per day in each mail
address I have. I have dozen of filters (none by ip) and a black list BY DOMAIN
with more than 1200 entries. But I will never agree to block a group or a
generic Ip just because it can be used by a spammer.

regards
Checking 67.19.94.98:
Address:     67.19.94.98
Reverse DNS: r1.myhostcenter.com
IP-based Blacklists:
    blackholes.five-ten-sg.com: Yes - 98.94.19.67.blackholes.five-ten-sg.com ->
127.0.0.7
                                added 2004-04-25\; hosting
http://postfuture.com/pfweb/ on 64.5.35.0/24
                                added 2002-10-17\; spam support - listwashing,
refusal to remove spammers
                                added 2004-09-22\; spam support - moved
http://www.SloanMarketing.com to 67.19.132.90
                                added 2003-06-21\; called theplanet
+1-214-782-7802 - abuse person never returned the call
                                added 2003-06-28\; called theplanet
+1-214-782-7802 - told them about the SBL and SPEWS listings
                                added 2004-06-14\; spam support - hosting
http://www.SloanMarketing.com on 69.56.226.178, was on palcom 203.86.101.61
                                added 2002-10-17\; spam support - see
http://groups.google.com/groups?selm=ur7uqu0mjfgd9k21tonfdb8eqkn1t2kea4%404ax.com&oe=UTF-8&output=gplain
               block.blars.org: Yes - 98.94.19.67.block.blars.org -> 127.1.0.33
          dnsbl.rangers.eu.org: Yes - 98.94.19.67.dnsbl.rangers.eu.org -> 127.0.0.8
                                Spam source
               dnsbl.sorbs.net: Yes - 98.94.19.67.dnsbl.sorbs.net -> 127.0.0.6
                                Spam Received See:
http://www.dnsbl.sorbs.net/lookup.shtml?67.19.94.98
Blacklisted by 4 out of 118 DNSBLs tested.


so what? should I be punished because another domain that is not even more on
the same IP and do not belongs to me and not even to my ISP made spam? punish
the www.SloanMarketing.com domain.

If you think this listing is an argument, I'm sorry, but I give up.

As I tought when I started to discuss this topic, very few guys are not radical
enough to realize and recognize that's something wrong with this method.

So, I give up.

Goodbye. Keep blocking.

Sorry wasting our time.
(In reply to comment #8)

> The problem with these lists is that you give power to guys that do not know
> how to manage it, so they become arrogant, intolerant and agressive. 

Which is exactly why a good system admin will shop around to find lists that are
reliable and don't go on power trips like this, and will avoid the lists run by
power-hungry arrogant snobs like the plague.  Most real ISPs and businesses shun
those lists (us included).  There are lists that have very good reputations,
however, and we try to use only those lists.  Of the ones currently listing you,
dnsbl.sorbs.net is the only one we actually use (that I know of).  They are one
of the more reputable lists.  They are showing repeated listings over several
months, with the last re-listing happening only 20 days ago.  What this means is
you are sharing an ISP with a spammer.  Your choices are to complain to your ISP
about their lack of anti-spam enforcement, or to get a new ISP.  Alternatively,
you may be able to find someone who is not blacklisted who is willing to relay
your mail for you.
(In reply to comment #10)
> so what? should I be punished because another domain that is not even more on
> the same IP and do not belongs to me and not even to my ISP made spam? punish
> the www.SloanMarketing.com domain.

SORBS didn't list you because of sloanmarketing.com, that was one of those
snobby elitist blacklists you were complaining about that did that.  SORBS
listed you because they actually received spam that went through your mail server.
Product: mozilla.org → mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.