Hi there
We have some problems with the UCEProtect.net blacklist. It lists some subnets and ASes that don't send spam from our customers... e.g. AS6730 (Sunrise): a lot of our customers using this provider have problems with e-mail services. But real spammers are not listed :D
Maybe the blacklist adds some subnets of big companies, because for delisting you need to pay some money...
dnsstuff.com uses this blacklist in its lookup tool; I don't know how many providers are using this list.
Anyone there know more about this Blacklist? The Service is Provided by admins.ws and for the fun try www.admins.ws/../../etc/passwd
Marco
Hello, this is the problem: Sunrise won't pay money. And they want to make money. I think the best way is to remove UCEProtect.net level 3 from your blacklist. Greetings Xaver
swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
I don't think that.
If you pay money for delisting, you can wait a while and you are listed again. The problem is the dynamic IP subnets: if too many of the customers are infected with spambots, the subnet gets listed again, and if 2 or 3 subnets in an AS are listed, the whole AS gets listed...
So the only way for Sunrise, I think, is to create its own AS for all dynamic ranges and one for fixed/business ranges...
Regards
Marco
On Fri, 2007-11-02 at 21:46 +0100, Marco Meile wrote:
> We have some Problems with the UCEProtect.net blacklist.

We considered UCEprotect as absolutely unreliable and unprofessional and are ignoring listings there. And I think so are 'the big swiss ones'. And for sure, it's impossible to handle all those RBL which are online.
IMO any postmaster who blocks mails upon one blacklist entry is ... (what was that polite description of moron?) ;)
Cheers - Dan
Daniel Kamm wrote:
> On Fri, 2007-11-02 at 21:46 +0100, Marco Meile wrote:
>> We have some Problems with the UCEProtect.net blacklist.
> We considered UCEprotect as absolutely unreliable and unprofessional and are ignoring listings there. And I think so are 'the big swiss ones'.

Hi Daniel,
I would be interested to know why you find UCEprotect to be unreliable and unprofessional?

> IMO any postmaster who blocks mails upon one blacklist entry is ... (what was that polite description of moron?) ;)

There is no shortage of incompetent postmasters and mail-admins. :-(
/Per Jessen, Herrliberg
Why is it unprofessional? UCEprotect is blocking ASes.... I think this isn't professional. OK, every DSL provider has problems with trojans and viruses, and the result is spam. But we receive more spam from other providers like CC, and these ranges (of cable connections) are not listed in the list. We don't receive many spams from Sunrise.net. I think most providers can say that. If some IPs like DSL or dial-in IPs are spamming, I find it OK if they are blacklisted. But to blacklist a complete AS... This isn't OK.
Greetings Xaver
Xaver Aerni wrote:
> Why is it unprofessional? UCEprotect is blocking ASes.... I think this isn't professional.

Actually, UCEprotect is not blocking anything. They only provide the means for other people to do so. Anyone who uses UCEprotect level3 has been duly warned.
/Per Jessen, Herrliberg
And then there is SORBS, which the ETH use, who have chosen to put the shared server I use for mail on a blacklist for some reason.
Everyone is going crazy about security, so you're likely to see a proliferation of providers offering to maintain blacklists, who will do it badly.
Much better would be to let the users determine what is spam and what is not, getting the ISP out of the role of having to play judge on a topic they don't master.
On Wed, 2007-11-07 at 06:57 +0100, Charles Buckley wrote:
> Much better would be to let the users determine what is spam and what is not, getting the ISP out of the role of having to play judge on a topic they don't master.

Aren't you mixing things up? Wasn't it users who asked the ISP people to automatically filter UCE? Here, 48% of all mailbox accounts are using the spam scanner (which implies the scoring of mails with RBL).
Cheerz - Dan
Charles Buckley wrote:
> And then there is SORBS, which the ETH use, who have chosen to put the shared server I use for mail on a blacklist for some reason.

mail.mauto.com is indeed listed by sorbs - I would check that your server hasn't been compromised. Look for traces of an ssh brute force attack perhaps.

> Everyone is going crazy about security, so you're likely to see a proliferation of providers offering to maintain blacklists, who will do it badly.

There are already plenty of such lists - I don't think the number is likely to grow an awful lot.

> Much better would be to let the users determine what is spam and what is not, getting the ISP out of the role of having to play judge on a topic they don't master.

Nah, leave the spam-filtering to us :-) The user and the ISP both have better things to do.
/Per Jessen, Herrliberg
Per Jessen wrote:
> Charles Buckley wrote:
>> And then there is SORBS, which the ETH use, who have chosen to put the shared server I use for mail on a blacklist for some reason.
> mail.mauto.com is indeed listed by sorbs - I would check that your server hasn't been compromised. Look for traces of an ssh brute force attack perhaps.

Uh, sorry - I overlooked that you said "shared". Well, according to SORBS, the server got listed because mail was sent to a spamtrap on 13 August. It could be one of your co-sharers ... if I were you, I'd talk to q-x.ch, and ask them what they're doing about it.
/Per Jessen, Herrliberg
I'm far ahead of you -- I already knew all this, and have done all the right steps. The server uses strictly SMTP_AUTH; it has not been compromised beyond the account details of the spammer being circulated.
The provider moved instantaneously to identify the offender and kick them out. The compromised SMTP account is now closed. But, just as Sunrise, they are not willing to pay the fee to SORBS to change the status on the list. Instead, they have offered to set up a SMART host for me, but that hasn't happened yet.
Perhaps this would be a good insurance line -- insuring against Rufmord from all these neighbourhood network grannies. But I somehow feel that dealing with the insurance Bürokraten would be worse than dealing with these issues by finding ways to protect from SPAM that don't involve hiring a bunch of self-appointed busybodies to strategically misinterpret actions and blackmail money out of people who add value by creating arbitrary sets of losers. Are we talking about mature individuals here?
The ETH should know better than to be using such people anyway -- I have informed them of the problem.
Charles
Charles Buckley wrote:
> But, just as Sunrise, they are not willing to pay the fee to SORBS to change the status on the list. Instead, they have offered to set up a SMART host for me, but that hasn't happened yet.

I'm not sure how that would change the situation unless they'd also change the IP-address - but never mind.

> these issues by finding ways to protect from SPAM that don't involve hiring a bunch of self-appointed busybodies to strategically misinterpret actions and blackmail money out of people who add value by creating arbitrary sets of losers. Are we talking about mature individuals here?

The SORBS people or the mail-admins who use them?
/Per Jessen, Herrliberg
Hello Charles
Charles Buckley wrote:
> The ETH should know better than to be using such people anyway -- I have informed them of the problem.

At ETH Zurich it depends to which subdomain you are sending e-mail, because some departments run their own mail server with their own policies.
But I guess most others depend on the mail service provided from Informatikdienste (ID). I once had a chance to attend a presentation of their mail setup (especially the mx hosts with the spam and virus filtering) and therefore I know that they are using a few DNS Blacklists to drop mail at the smtp communication. But I don't remember which. Contacting the postmaster at ethz.ch should help.
bye Fabian
On Wed, 2007-11-07 at 12:29 +0100, Charles Buckley wrote:
> The provider moved instantaneously to identify the offender and kick them out. The compromised SMTP account is now closed. But, just as Sunrise, they are not willing to pay the fee to SORBS to change the status on the list.

As ISP you don't have to pay a fee for delisting at SORBS. Simply mail to isp-support@sorbs.net and tell them your ASN. Without ASN your mail will be dropped.
Cheerio - Dan
* on the Sat, Nov 03, 2007 at 02:00:15PM +0100, Per Jessen wrote:
> I would be interested to know why you find UCEprotect to be unreliable and unprofessional?

Because of their delisting-procedure. How many networks will end up in there which have been sending spam at some time, but haven't ever sent spam since then, because their admins fixed the problem, or the net got reassigned or whatever? And maybe their admins didn't even know they're on uceprotect, or the new admins don't know or whatever?
Every blacklist that does not delete the listings automatically will end up eventually with a huge mass of "false positives", which indicates a failure of the system.
With UCEprotect, I estimate about 30% of their entries being listed are such false positives, and this will of course rise and rise..
Cheers Seegras
Peter Keel wrote:
> * on the Sat, Nov 03, 2007 at 02:00:15PM +0100, Per Jessen wrote:
>> I would be interested to know why you find UCEprotect to be unreliable and unprofessional?
> Because of their delisting-procedure. How many networks will end up in there which have been sending spam at some time, but haven't ever sent spam since then, because their admins fixed the problem, or the net got reassigned or whatever?

UCEprotect level1 and -2 both include automatic delisting. Only level3 does not seem to have automatic delisting.

> With UCEprotect, I estimate about 30% of their entries being listed are such false positives, and this will of course rise and rise..

I ran some stats on our traffic (we use UCEprotect 1,2,3) for all of October - false positives per level:
level1 = 0.75%
level2 = 2.06%
level3 = 0.96% (we have been using level3 experimentally for the last third of October)
false positive = non-spam email sent by levelX listed server.
Per Jessen
Hello Per, you must look: if you have clients at a provider like Sunrise (it is listed), then you have many mails marked as false positives. Sunrise (Freesurf... etc.): many people here in Switzerland have an account there.
It is possible that in international traffic you have fewer false positives. But here in Switzerland up to 30% false-positive mails are possible.
Greetings Xaver
Hi all
I don't like these discussions about xy-blacklists. The only thing I can say is: never ever block/kill any mails that "hit" a blacklist. No blacklist is perfect! (Or: why are there so many blacklists?) It would be the same as if you blocked any mail with the word "killer"; then check: [ http://tel.search.ch/result.html?name=killer ]
If you find any provider who blocks/kills mails, they are making a big mistake. You have to punch/slap them.
rog
Roger Buchwalder wrote:
> If you find any provider who blocks/kills mails, they are making a big mistake. You have to punch/slap them.

Yes, I agree - however, the fact is that well-known Swiss providers do just that. My company has approached a couple of the bigger players - the answer was "we have 5 blacklists, that's all we need".
/Per Jessen, Herrliberg
Xaver Aerni wrote:
> It is possible that in international traffic you have fewer false positives. But here in Switzerland up to 30% false-positive mails are possible.

Hello Xaver
I have not looked at how much traffic we have coming from Sunrise (for example), but you're right - if we had lots of Sunrise traffic, we would also see more FPs from UCEprotect level3. From our point of view, it wouldn't change much as we only allocate 0.4 points for a level3 hit.
I don't have any stats on how much international vs. how much Swiss traffic we have. Interesting question - I'll have to look into that.
/Per Jessen, Herrliberg
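The scoring approach described in the message above, contrasted with rejecting on a single listing, as an added example (not code from the thread or from any poster's setup). Only the 0.4 weight for a level 3 hit comes from the thread; the zone names are UCEPROTECT's public DNSBL zones, and the other weights, the threshold and the sample DNS answers are assumptions constructed for illustration.

```python
import ipaddress
import socket

# Weight added to a message's spam score per DNSBL zone that lists the sender.
ZONE_WEIGHTS = {
    "dnsbl-1.uceprotect.net": 2.0,  # level 1, single IPs (assumed weight)
    "dnsbl-2.uceprotect.net": 1.0,  # level 2, subnets (assumed weight)
    "dnsbl-3.uceprotect.net": 0.4,  # level 3, whole ASNs (weight from the thread)
}
SPAM_THRESHOLD = 5.0  # assumed tagging threshold


def dnsbl_query_name(ip, zone):
    """Reverse the IPv4 octets and append the zone: 192.0.2.25 -> 25.2.0.192.<zone>."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def system_resolver(name):
    """Return the A record for name, or None on NXDOMAIN or lookup failure."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None


def listed_zones(ip, resolver=system_resolver):
    hits = []
    for zone in ZONE_WEIGHTS:
        answer = resolver(dnsbl_query_name(ip, zone))
        # Only a 127.0.0.0/8 answer means "listed"; any other address
        # (wildcard DNS, parked zone) is treated as no listing.
        if answer and answer.startswith("127."):
            hits.append(zone)
    return hits


def dnsbl_score(ip, resolver=system_resolver):
    return round(sum(ZONE_WEIGHTS[z] for z in listed_zones(ip, resolver)), 2)


def verdict_scoring(content_score, ip, resolver=system_resolver):
    """Scoring policy: listings are one signal among others."""
    total = content_score + dnsbl_score(ip, resolver)
    return "spam" if total >= SPAM_THRESHOLD else "deliver"


def verdict_block_on_hit(ip, resolver=system_resolver):
    """Blocking policy: any single listing rejects the mail."""
    return "reject" if listed_zones(ip, resolver) else "deliver"


# Constructed DNS answers so the example runs offline (documentation IPs).
FAKE_DNS = {
    # clean customer host whose whole AS is listed at level 3 only
    "25.2.0.192.dnsbl-3.uceprotect.net": "127.0.0.2",
    # infected host listed at all three levels
    "7.100.51.198.dnsbl-1.uceprotect.net": "127.0.0.2",
    "7.100.51.198.dnsbl-2.uceprotect.net": "127.0.0.2",
    "7.100.51.198.dnsbl-3.uceprotect.net": "127.0.0.2",
}


def fake_resolver(name):
    return FAKE_DNS.get(name)


if __name__ == "__main__":
    for ip, content in [("192.0.2.25", 1.2), ("198.51.100.7", 2.0)]:
        print(ip, dnsbl_score(ip, fake_resolver),
              verdict_scoring(content, ip, fake_resolver),
              verdict_block_on_hit(ip, fake_resolver))
```

With the constructed data, a legitimate mail from a host that is listed only through its AS is delivered under scoring but rejected by the block-on-hit policy.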
Happy ASN Listing.
UCE Protect Blocks VTX
Information for AS1267 - ASN-INFOSTRADA Infostrada S.p.A.
Regards
Marco
> UCE Protect Blocks VTX
> Information for AS1267 - ASN-INFOSTRADA Infostrada S.p.A.

UCE Protect is one of those lists who suffer from a very odd sense of reality.. whoever uses that list to protect his mail servers must be aware that he'll get a lot of false positives (i.e. valid mail won't get thru). The decision whether or not to use that list is in the domain of each mail server administrator, I personally would stay far far away from it. There's not much sense trying to reason with those guys, I just ignore them.
Cheers, Markus
Markus Wild wrote:
> UCE Protect is one of those lists who suffer from a very odd sense of reality.. whoever uses that list to protect his mail servers must be aware that he'll get a lot of false positives (i.e. valid mail won't get thru).

No-one is likely to use uceprotect level3 to block emails, but they might very well use it for scoring.
/Per Jessen, Herrliberg