Sometimes Everybody's a Loser

in

I queried the Internet address of my friend's mail server at the SPEWS web site. Sure enough, it is listed. SPEWS provides a (so-called) evidence file to document the listing. As expected, this file provides no evidence that my friend is a spammer or his ISP harbors spammers. Instead, it shows that my friend's ISP has the misfortune of using a spam tolerant backbone network provider, and he's caught up in the crossfire of an escalating battle.

Here's a dirty secret of the telecom bust: many network backbone providers are increasingly tolerant of spamming customers. Many of these wheezing, teetering companies cannot afford to staff an abuse desk properly. So whatever anti-abuse policies they may have are poorly enforced. Moreover, they can't afford to be terminating contracts, even when the contract is with the most disgusting spammers. Especially the most disgusting spammers--those folks often are willing to pay top dollar for their connectivity.

Broadwing is one of the very worst of the spam-friendly network providers. Broadwing is in a heapload of trouble these days: holiday layoffs, lawsuits, falling credit ratings--the whole dotcom debacle. While Broadwing does have an abuse desk, I have no record of it ever responding to an abuse complaint. Notorious spammers have been known to live on the Broadwing network for months on end before being terminated. In other words, if you are a spammer looking for good network connectivity, Broadwing may be your place.

Broadwing has been allocated a large range of Internet addresses and my friend's mail server lies in the middle of that range. Here are the data:

  • Broadwing has been allocated a large address block: 65.88.0.0 through 65.91.255.255.
  • New Media Technologies a.k.a. the Worldreach spamhaus, has been delegated a portion of that block: 65.88.179.0 thru 65.88.179.255.
  • My friend's email server lives at 65.88.171.xxx. That is on the Broadwing network but well outside the range of this spamhaus.
  • SPEWS claims that 65.88.169.0 through 65.88.189.255 also is used by the Worldreach spamhaus. It provides no proof of that claim. In fact, I suspect this may be a typo. (The listed range overlaps allocations.)

So, we lose because Broadwing fails to manage the abuse on its network. The Spamhaus Block List identified the 65.88.179.0 thru 65.88.179.255 listing on November 1. Here we are, seven weeks later, and those spammers are still living in Broadwing address space.

We lose again because of the frustrated response. People are growing increasingly frustrated with Broadwing's spam tolerance, and frustrated people are prone to harmful action. It appears the SPEWS list is expanding their blocks beyond the addresses held by spammers, and starting to pick off innocent victims on the Broadwing network. Like my friend.

It also could be a big mistake. As I noted, the 65.88.169.0 through 65.88.189.255 range cited in the evidence file is suspicious. SPEWS, unfortunately, is published anonymously, and the operators refuse to provide an email address for administrative queries.

So, everybody loses.

Here are some things you may want to consider, to avoid being a loser:

  • If you are shopping for a network provider, visit the The Spamhaus Project. If your network provider has a documented spam problem (as does Broadwing), you may want to consider taking your business elsewhere. As this story shows, innocent customers are harmed when their network providers have ineffective abuse policies.
  • If you are an email administrator, try to understand the policies and ramifications of the block lists you are using. Before you employ a new block list, run some tests to ensure you won't be stopping legitimate email. Also, examine the listing and administrative policies of the block list. For instance, would you feel comfortable using SPEWS knowing it has no reasonable mechanisms for feedback and control?

Here is hoping that Santa brings lumps of coal to both the Broadwing executives and the SPEWS maintainers.

Comments

Comments have been closed for this entry.

re: Sometimes Everybody's a Loser

If you're interested in SPEWS' side of this story (which seems to have not been included), please read the [link]SPEWS FAQ. It makes it clear that:

  • The SPEWS list is not just a list of spammers; it's a list of networks that are tolerant of spam.
  • Experience has shown that if a provider is tolerant of spam, the provider will usually attract more spammers and/or will move the spammer around to different IP addresses.
  • Therefore, if the ISP doesn't cancel the spammer when SPEWS complains, SPEWS expands the listing. (That's why the range listed in the case file for Worldreach is so large.)
  • Your friend is caught in what SPEWS calls "inadvertent blocking". SPEWS wants to make absolutely sure it's blocking spam, so it blocks the netspace assigned to that ISP.

SPEWS is doing exactly what it claims to do. Administrators of email programs know (or should know) that if they use SPEWS they are likely to lose legitimate mail, if it is coming from a spammer-infested network. If your friend needs to get email through, he should contact the ISPs that are blocking his mail and ask to be allowed through.

re: Sometimes Everybody's a Loser

Mr. Rosenthal, with all due respect, why doesn't your friend just send the pointy-haireds at Broadwing a nastygram and take his business elsewhere, instead of just complaining about it? Hell's bells, he's a *lawyer.* Why doesn't he sue Broadwing for failure to give him the services he's paying for, instead of whining and continuing to give them his money?

re: Sometimes Everybody's a Loser

There are rules and laws that might to be respected. There are people that are legitimate from us to let the rules and the laws being respected.

If you are innocent no one can force to change provider or to block your legit emails.

Who enjoy playing God have to remember that isn't an easy thing to do.