Truthout.org Caught Up in SPEWS Blocklist, February 2004

                   Collateral Damage in the Spam Wars.
                          Truthout.org Caught in Blocklist.
Date    : February 07, 2004
To      : Editor@mail.truthout.org
Cc      : Director@mail.truthout.org, 
          ISSUES@truthout.org
Attchmnt: 
Subject : Truthout.org email blocked by spews.org for cogentco.com hosting
----- Message Text -----
truthout.org email server at IP 38.114.2.39 has been caught up in a widening list of IP space at cogentco.com blocked by spews.org, a widely used blocklist to protect against abuse from spam supporting ISPs.

First, let me emphasize how much I support the goals and actions of truthout.org. I read the web site almost every day. I pass on articles to my friends and relatives. I hated that when William Rivers Pitt spoke at Indiana University, where I am Manager of Information Systems at http://iuhoosiers.com, the Athletics Department, I was unable to attend because I was recovering from oral surgery. I had to have second hand accounts from friends who attended.

I maintain two personal websites on issues:
          http://keepamericafree.com
          http://mainsleazespam.com

The first is a statement against the threats of the Bush Administration.

The latter, however, is more relevant for this current context. I am going to publish this letter to truthout.org under a new category I am going to create on "collateral damage" in the war against spam, when I update the web site main page news item this morning.

It appears that since the last newsletter from truthout.org I received on January 30, 2004 to [redacted]@edgeinfotech.com, my personal domain and email server, truthout.org newsletters are being bounced by one of the spam email blocklists to which I subscribe.

Note: if you choose to respond by email, please copy me also at [redacted]@[redacted.domain], since otherwise I may not get your email here at [redacted]@edgeinfotech.com, although I am going to try to find the time to whitelist email from truthout.org this weekend in my email server's access.db file.

What follows is an explanation for your information on why this is happening, why I support it, and what you need to do about it.

In reviewing the logs on my personal email server here at home, where I recently redirected my subscription to truthout.org email newsletters, I discovered I have begun seeing entries indicating that email from truthout is being rejected by one of the major email abuse blocklists which I have integrated into my email service to protect me from the rampant growth of spam email abuse:
=====================================================================
ruleset=check_rcpt, arg1=,
relay=lists.truthout.org [38.114.2.39], reject=554 5.7.1 Mail from   
38.114.2.39 rejected l1.spews.dnabl.sorbs.net; 
see http://www.us.sorbs.net/: 1 Time(s)
=====================================================================
What does this mean?
  l1.spews.dnabl.sorbs.net in the above means this IP is listed at:
  
  http://www.spews.org/html/S1528.html
which lists the evidence for the listing for spam email abuse.

The incredibly lengthy evidence file there lists many, many major spam operations under the umbrella of OffersCentral/greatdealsdepot/seenetix

However, the real crux of the matter affecting truthout.org is this line:
=====================================================================
1, 38.114.0.0/22, Cogent (dns1.coolhosting202.net 
(on listed 1-800 Hosting spam house))
=====================================================================
The 0/22 means that 1,024 host machines are included in the blocked range. This is CIDR notation for expressing a block of IP hosts:
  http://itadmin.appfa.auckland.ac.nz/FAQ/Network/IP-CIDR.html

For an explanation of spews.org blocklisting criteria and the reason for the existence of spews.org, see:
    http://www.spews.org/faq.html
It is important to understand that spews.org, per their published FAQ, will progressively list widening ranges of IP numbers if complaints to an ISP (Internet Service Provider) go unanswered, and spam email abuse or spam support services (e.g. web hosting) are allowed to continue by the ISP after notification. In this case, your email injection point IP appears to be in cogentco IP space:
=====================================================================
Performance Systems International Inc. PSINETA (NET-38-0-0-0-1)
                                  38.0.0.0 - 38.255.255.255
Performance Systems International Inc. COGENT-NB-0002 
                  (NET-38-112-0-0-1)38.112.0.0 - 38.119.255.255
=====================================================================
whois.arin.net gives this information on that netblock as abuse 
contact:  
        OrgAbuseHandle: COGEN-ARIN
        OrgAbuseName:   Cogent Abuse
        OrgAbusePhone:  +1-877-875-4311
        OrgAbuseEmail:  abuse@cogentco.com
And that may be much of the problem. cogentco.com has an unfortunate but widely held reputation in the anti-spam community of doing pretty much nothing when evidence of spam email abuse or support is presented to its abuse desk:

You can verify this yourself in public archives at groups.google.com of postings to the news.admin.net-abuse.* hierarchy of newsgroups, by clicking on the search string below or copying and pasting it into your web browser.
         Search news.admin.net-abuse.* for cogentco.com
Just now I got over 6,100 hits of evidence of spam for spam support, discussions of cogentco.com spam, and more, as returned results of this search of the archives.

When you keep in mind that most experts agree that you will find one sample of spam for every 50,000 to 100,000 copies injected by the spammer into the Internet, you begin to get the idea. Recently some in the anti-spam community have suggested revising these figures, as many no longer take the time to post samples to the archives or complain, since the problem is so out of hand and of such insufferable magnitude. Instead, responsible admins are beginning to just wall off and refuse to accept email from offending ISP netblocks. I moved into the latter category over the past year in my operations.

So, while truthout.org is in no way listed itself as a spammer, the email coming from this IP appears at the moment to be caught up in a widening blocklist of cogentco.com IP space due to their inaction to stop abuse from their network by others.

Note that this is a tactic that I have advocated for several years, and that I firmly support the necessity of this tactic. It is completely unacceptable to expect that an ISP can prosper both from its legitimate customers, and at the same time from those committing massive Net abuse, 90% of which is now completely illegal (proxy and relay hijacking, no working remove address, no legitimate contact information, etc.) under the otherwise useless and reprehensible "You CAN SPAM Act" signed by Resident Bush in December, 2003. [For details, commentary, and news articles for the past five weeks see ].
         You CAN SPAM Act Commentary

You need to move your servers to non-blocked IP space. If cogentco.com is unwilling to provide such, change providers.

Note that absolutely it is cogentco.com's responsibility to stop enabling ongoing Net abuse. It is not the responsibility of the recipients who are defending their servers against abuse, it is cogentco.com's responsibility.

Further, the day of granular blocking is over, i.e. just block the spammers' email on an ISP, don't block others. ISPs, in this case, it appears, cogentco.com, are only too happy, because then there is no social pressure brought by the rest of the Internet, and they get to take the money of their good and their bad customers.

Try to understand this in the context of property rights. Spam email is NOT a free speech issue. It is trespass to chattel. My servers for my domains reside in my house, on a permanent Internet connection. I paid for them. The very nature of the Internet is that of a voluntary aggregation and connection of independent privately owned networks. Common carrier laws do not apply. I have the right, legally and ethically, to reject traffic from any node on the network which is acting in an abusive fashion. That is the crux of the matter.

[It is also why the "You CAN SPAM Act" is incredibly uninformed and bad legislation. See my web site for an explanation, see especially the copy of my letter to Sen. Richard Lugar sent last summer.
         Letter to Senator Richard Lugar, Indiana
A damned shame he did not pay attention. But then he ignored all my letters explaining the corporate takeover of America, the abdication by Congress of the war making powers, and the fact there were not any weapons of mass destruction in Iraq. As did Bayh, but then he is Republican in sheep's clothing now, anyway.]

--
Ronald D. Edge
http://edgeinfotech.com
http://mainsleazespam.com
http://keepamericafree.com
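
The rejection described in the letter can be traced from the log line to the listed range. The following is an added example, not part of the original letter: it parses the sendmail reject line quoted above, builds the DNS name a mail server queries under the standard DNSBL convention (IPv4 octets reversed, then the zone), and confirms that the relay IP falls inside the 38.114.0.0/22 entry. The function names are hypothetical, the log line is the letter's excerpt joined onto one line, and no DNS query is sent.

```python
import ipaddress
import re

# Constructed from the log excerpt in the letter, joined onto one line.
LOG_LINE = (
    "ruleset=check_rcpt, arg1=, relay=lists.truthout.org [38.114.2.39], "
    "reject=554 5.7.1 Mail from 38.114.2.39 rejected "
    "l1.spews.dnabl.sorbs.net; see http://www.us.sorbs.net/"
)
# The SPEWS evidence-file entry quoted in the letter.
LISTED_RANGE = "38.114.0.0/22"

REJECT_RE = re.compile(
    r"relay=(?P<host>\S+) \[(?P<ip>[0-9.]+)\], "
    r"reject=(?P<code>\d{3}) (?P<dsn>\d\.\d\.\d) "
    r"Mail from \S+ rejected (?P<zone>[A-Za-z0-9.-]+);"
)

def parse_reject(line):
    """Extract relay host, IP, SMTP code and DNSBL zone from a reject line."""
    m = REJECT_RE.search(line)
    return m.groupdict() if m else None

def dnsbl_query_name(ip, zone):
    """Name a mail server looks up: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on a malformed IP
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def explain(line, listed_range):
    """Tie the rejected relay back to the blocklist range that covers it."""
    hit = parse_reject(line)
    if hit is None:
        return None
    net = ipaddress.ip_network(listed_range, strict=True)
    hit["query"] = dnsbl_query_name(hit["ip"], hit["zone"])
    hit["in_range"] = ipaddress.ip_address(hit["ip"]) in net
    hit["range_size"] = net.num_addresses
    hit["range_first"] = str(net.network_address)
    hit["range_last"] = str(net.broadcast_address)
    return hit

if __name__ == "__main__":
    for key, value in explain(LOG_LINE, LISTED_RANGE).items():
        print(f"{key:12} {value}")
```

For a whitelisted sender, the same parse gives the exact relay IP to enter in the access.db exception the letter mentions, rather than exempting the whole /22.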