Collateral damage in the Spam Wars

**From:** XXXXXXXXXXXXX (Mail Delivery System)…> **To:** sean@conman.org…> **Subject:** Undelivered Mail Returned to Sender…> **Date:** Mon, 23 Jun 2003 16:20:35 -0500 (EST)…>
This is the Postfix program at host swift.conman.org.
I'm sorry to have to inform you that the message returned below could not be delivered to one or more destinations.
For further assistance, please send mail to <postmaster>
If you do so, please include this problem report. You can delete your own text from the message returned below.
The Postfix program
<XXXXXXXXXXXXXXXXXXXX>: host XXXXXXXXXX[XXXXXXXXXXXX] said: 554 Service unavailable; Client host [216.82.96.10] blocked using relays.osirusoft.com; [1] Edirect, see http://spews.org/ask.cgi?S483 [1] (in reply to RCPT TO command)

Lovely … just gotta love that vigilante justice.

All the trouble to have as smooth a transition as possible [2], and the IP (Internet Protocol) address we get is stuck in the SPEWS (Spam Prevention Early Warning System) database. I've never even heard of SPEWS (Spam Prevention Early Warning System) [3] until today.

Sigh.

So I start poking around on the site:

**Q41:** How does one contact SPEWS?
**A41:** One does not. **SPEWS does not receive email**—it's just an automated system and website, general blocklist related issues can be discussed in the public forums mentioned above. The newsgroup news.admin.net-abuse.email [4] (NANAE) is a good choice, and Google [5] makes it quite easy to post messages [6] there via the Web as M@ilGate [7] does via email. First time newsgroup posters should read the NANAE FAQ [8]. **Note that posting messages in these newsgroups & lists will not have any effect on SPEWS listings, only the discontinuation of spam and/or spam support will.** Be aware that posting ones email address to any publicly viewable forum or website makes it instantly available to spammers. If you're concerned about getting spammed, change or “mung” [9] the email address you use to post with.
**Q42:** My IP address/range is being listed by SPEWS but I'm not a spammer and I just signed up for this/these address(s). What can I do to be removed from the list?
**A42:** SPEWS is just an automated system, if spam or spam involvement (hosting spammers, selling spamware) from your IP address/range ceases, it will drop out of the list in time. Normally the listing involves spam related problems with your host and the first step you need to take is to complain to them about the listing, in almost all cases, they are the only people who can get an address/range out of the SPEWS list. If there is a spam related problem with your host, their IP address/range will not be removed until it is resolved. If your host or network is certain a listing mistake has been made, ask them to read this FAQ (Frequently Asked Questions) then post a message in a public forum mentioned above with the SPEWS record number (eg. S123) and/or the IP address/range information in it. Placing the text “SPEWS:” in the subject can help a SPEWS editor or developer see the message and they may double check the listing—note that, although others may, **no SPEWS editor or developer will ever reply to the posting.** Will this get your IP address/range removed from a SPEWS listing? Again, not if there are currently spam related problems with your host.

“Spews FAQ [10]” [emphasis added]

Even lovelier …

They don't make it easy to get removed from their listing; they just list entire network blocks until they feel the provider that is effected has jumped through enough hoops to get de-listed.

Granted, this is just a list that the maintainers, in their opinion, think are spammers or are friendly to spammers and sysadmins are free to reference this list or not. But like credit reporting agencies, it's hard to make corrections, especially one like SPEWS.

It's one thing to set this up for your private use, where the risks of not communicating with someone is known, but to use such a list system wide where the users aren't aware of its use is something else entirely, and one I don't like. Which is why I don't enable such lists on my server; I don't want to set such a censorus policy on my users.

This problem came up because a server that runs a mailing list I'm on uses such a system, which I (and probably most other users of that mailing list) were unaware of. And I have to wonder how many potential people can't subscribe because of SPEWS.

So now it's the dance of IP renumbering. Good thing I kept the TTL (Time To Live) on the DNS (Domain Name System) to an hour until I was certain everything was fine.

[1] http://spews.org/ask.cgi?S483

[2] /boston/2003/06/22.1

[3] http://spews.org/

[4] news:news.admin.net-abuse.email

[5] http://www.google.com/

[6] http://posting.google.com/post?cmd=post&enc=ISO-8859-1&group=news.admin.net-abuse.email&gs=/groups%3Fhl%3Den%26safe%3Doff%26group%3Dnews.admin.net-abuse.email

[7] https://secure.mailgate.org/subscribe

[8] http://www.techhouse.org/~lou/spamlore/nanaefaq.htm

[9] http://members.aol.com/emailfaq/mungfaq.html

[10] http://spews.org/faq.html

Gemini Mention this post

Contact the author