Anti Spam Blog

Covering spam protection and email technology

Posts Tagged ‘blacklist’

Finally, a fast RBL blacklist checker

November 16th, 2011 Posted in Uncategorized

I recently grew frustrated at the lack of a good, fast RBL checking web site. So, during the MailChannels summer hackathon on a remote island in the Pacific Northwest, I coded up an AJAX-based blacklist check web page. This new service is a work in progress, but already satisfies a few goals I had in mind at the start of the hackathon:

  1. It’s fast – DNS lookups are done in parallel, so a complete set of results usually comes back in under one second;
  2. It’s easy – IP addresses and host names are accepted, and CIDRs will be added soon; and,
  3. It gives you useful information – such as the ASN and subnet range from which the IP address was allocated.

For those of you who are so inclined, feel free to figure out the wire-line protocol, which is a REST-ful JSON thing. I can’t promise it won’t be rate limited, but I certainly don’t mind if you script it to provide the back-end for your own multi-RBL checking service.

Without further ado, here’s the link:

http://www.mailchannels.com/blacklist-check.html
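The parallel-lookup idea from the list above, as an added example (this is not MailChannels' code and not the service's wire protocol). The zone names, function names and status strings are assumptions made for illustration; the resolver is injectable so the logic can be exercised offline.

```python
import ipaddress
import socket
from concurrent.futures import ThreadPoolExecutor

# Placeholder zones for illustration; substitute the lists you actually use.
ZONES = ["dnsbl.example.org", "rbl.example.net", "bl.example.com"]
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")  # DNSBL answers live here (RFC 5782)


def dnsbl_name(ip, zone):
    """Query name: reversed octets (IPv4) or reversed nibbles (IPv6) + zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone


def system_resolve(name):
    """Return the A record, None for NXDOMAIN; raise on any other failure."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return None
        raise


def check_one(ip, zone, resolve):
    try:
        answer = resolve(dnsbl_name(ip, zone))
    except Exception:
        return "error"  # a failed lookup is not evidence that the IP is clean
    if answer is None:
        return "not listed"
    # Answers outside 127.0.0.0/8 come from wildcards or DNS rewriting.
    if ipaddress.ip_address(answer) in LISTED_NET:
        return "listed (%s)" % answer
    return "error"


def check_all(ip, zones=ZONES, resolve=system_resolve):
    """Run every zone lookup concurrently; total time is about the slowest zone."""
    with ThreadPoolExecutor(max_workers=len(zones)) as pool:
        results = pool.map(lambda z: check_one(ip, z, resolve), zones)
        return dict(zip(zones, results))
```

Keeping "error" separate from "not listed" matters when a list rate-limits or blocks the resolver in use: a timeout or rewritten answer should never be reported as a clean result.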


Amazon users blocked by the SORBS block list

July 6th, 2010 Posted in Trend Analysis


If you’re unlucky enough to be operating a mail server within Amazon.com’s Elastic Compute Cloud (EC2), you’ve probably had your share of problems sending email. At various times, Trend Micro’s MAPS+ service, the Spamhaus PBL, and other block lists have listed Amazon’s entire IP space, causing delivery problems for all Amazon EC2 customers regardless of their individual IP reputation.

The latest salvo in this reputation war comes to us from SORBS (aka, “Spam and Open Relay Blocking System”). SORBS has listed the entire Amazon EC2 IP address space as a source of spam and is sending out the following message to anyone who attempts to get their EC2 IP address de-listed:

From: SORBS Support (Matti Meikäläinen) <payments@support.sorbs.net>

You are an innocent party that has been included in an escalated listing against your service provider. Hints for who that might be can usually be found in WHOIS.

You are not required to address the issue in any way as it is overwhelmingly likely that the entry was not generated because of your actions. It is also the case that there is nothing that you, as a customer of the listed provider, can do about it. The listing will not be removed until your service provider successfully addresses it in direct contact with SORBS.

Please take this issue up with your service provider.

Note that it is possible that (and the volunteer sending you this form letter response hasn’t even checked whether) your service provider is already in communication with SORBS. If they are and the listing persists regardless, they have either not yet addressed the issue to our satisfaction or something else is holding up the matter.


Matti

SORBS volunteer

SORBS and others have perfectly understandable reasons for listing Amazon EC2's IP space – namely, there are a lot of spammers operating within Amazon EC2 and Amazon has so far not been able to get the problem under control. Their response to abuse complaints has also been slower than what the anti-abuse community would like.

I know that Amazon has good people working on fixing this problem. The SORBS listing is a sign that they perhaps need to work a bit harder, regardless of what anyone’s opinion of SORBS might be.


First IPv6 Spam Message Caught in the Wild

January 4th, 2010 Posted in Uncategorized


Greg Troxel reported on the SpamAssassin users mailing list today that he had received the first spam message sent via IPv6 (the successor to IPv4, the Internet Protocol addressing system).

The anti spam community is very concerned about IPv6 because its enormous address space will enable spammers to have access to a virtually unlimited number of IP addresses, rendering traditional “black lists” obsolete. When spammers start sending through IPv6 in earnest, receivers will have to rely on reputation-based whitelisting, treating new IPv6 addresses with a great deal of suspicion until they establish themselves to be trustworthy.

Could this be the end of Spamhaus and other venerable blacklists? Not so fast. It will take decades for IPv4 to be phased out in favour of the new standard. And until that happens, blocking will remain an indispensable technique for stopping spam.

The raw message looks like this (Link):

Return-Path:
X-Spam-DCC: _DCCB_:_DCCR
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on fnord.ir.bbn.com
X-Spam-Level:
X-Spam-Status: No, score=-4.8 required=1.0 tests=ALL_TRUSTED,AWL,BAYES_95,DATE_IN_PAST_12_24,TVD_PH_SUBJ_META autolearn=no version=3.2.5
X-Original-To: gdt@ir.bbn.com
Delivered-To: gdt@ir.bbn.com
Received: from vilab.hit.edu.cn (unknown [IPv6:2001:da8:b800:228:5054:abff:fe10:8e4c])
    (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
    (No client certificate requested)
    by fnord.ir.bbn.com (Postfix) with ESMTPS id 86A4C5489
    for ; Sun,  3 Jan 2010 22:17:03 -0500 (EST)
Received: from vilab.hit.edu.cn (localhost [127.0.0.1])
    by vilab.hit.edu.cn (Postfix) with ESMTP id 8BEF2B10DE1;
    Sun,  3 Jan 2010 21:59:27 +0800 (CST)
From: "UN-HABITAT"
Reply-To: ups.deliveryservice@hotmail.com
Subject: Notice
Date: Sun, 3 Jan 2010 21:59:27 +0800
Message-Id: <20100103125409.m77170@vilab.hit.edu.cn>
X-Mailer: OpenWebMail 2.53-B2D
X-OriginatingIP: 78.138.3.236 (jcsun)
MIME-Version: 1.0
Content-Type: text/plain;
    charset=utf-8
To: undisclosed-recipients:;
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.3 (fnord.ir.bbn.com [0.0.0.0]); Sun, 03 Jan 2010 22:17:05 -0500 (EST)

Your Attention,

After several attempt to reach you, I deemed it necessary and urgent to contact you with your email and to notify you finally about the outstanding settlement of your compensation which is being given out by the United Nations Human Settlements Programme. This compensation is being made to all victims that have lost their money through any online transactions or as a result of Scam activities. It has come to our notice that many of you have lost your money by falling victim to some internet fraudsters.

The United Nations Human Settlements Programme, UN-HABITAT, is the United Nations agency for human settlements. It is mandated by the UN General Assembly to promote humanly, socially and environmentally with the goal of providing adequate shelter for all.

As a result of this scam activities spreading over the internet, the United Nations Human Settlements Programme, UN-HABITAT have decided to get details of most victims who were previously scammed by these fraudsters.

This Human Settlements Programme is design to compensate every one of you with the sum of $500,000.00 USD to help settle all your debts and start a new business.

We have concluded all the necessary arrangements towards the release of your settlement Check sum of $500,000.00 USD with the financial committee of the United Nations Human Settlements Programme in collaboration with the United Parcel Service LTD (UPS) Nigeria, to deliver the check sum of $500,000.00 USD which is registered with Ref No: UN014-0157/UPS-UN-HABITAT to your Compensation Check Parcel.

You are therefore to contact the United Parcel Service LTD (UPS) Nigeria, with the below information in order to claim your compensation check. Take note that we have not pay for the shipment of your Check Parcel as you will be required to pay the shipping/handling charges for your compensation check to be deliverd to you.

You are required to contact the UPS Courier Service with the below information

Name:
Delivery Address:
Direct Phone number:
Sex:
Country:

=================================
United Parcel Service Nigeria LTD
Plot 781 Emeka Anyaoku Street
Area Eleven Garki
FCT-Abuja
Nigeria.
Tel: +234-813-643-9535
Email: ups.deliveryservice@hotmail.com
=================================

Accept our regards.

Higgins A. Denise
UN-HABITAT Information Office


Who could have predicted a spam problem?

December 4th, 2007 Posted in Uncategorized

E-mail began to develop in 1965 when a messaging system to allow users of a shared mainframe to communicate locally was created. It wasn’t until 1971 that Ray Tomlinson picked the @ symbol addressing convention to allow inter-networked machines to exchange messages. Oh and if you’re wondering what the first e-mail he sent contained, he believes it was something along the lines of “QWERTYUIOP” but he can’t quite remember. Perhaps because he couldn’t check his sent items as it wasn’t until 1972 when the first e-mail management program emerged. No wonder so many people in the sixties shared peace and love since they didn’t have to deal with spam.

In the seventies e-mail was used primarily by researchers and government agencies. Although believe it or not, the Queen of England did send an e-mail in 1976 as part of a demonstration and was the first head of state to do so! At this time spam didn’t exist unless you were referring to Spam of the meat variety. It was quite impressive then that in 1975, Dr. Jon Postel wrote the IETF document RFC706, titled “On the junk mail problem”, about the possibility of junk e-mail, but figured it would be the result of a malfunctioning machine:

It would be useful for a Host to be able to decline messages from sources it believes are misbehaving or are simply annoying. If the Host/IMP interface protocol allowed the Host to say to the IMP “refuse messages from Host X”, the IMPs could discard the unwanted messages at their earliest opportunity returning a “refused” notice to the offending Host.

He also went on to suggest black listing based on a frequency analysis of messages from a host:

A Host might make use of such a facility by measuring, per source, the number of undesired messages per unit time, if this measure exceeds a threshold then the Host could issue the “refuse messages from Host X” message to the IMP.
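Postel's per-source measure, written out as an added example (it is not taken from RFC 706 or from the original post). The log format, host names, threshold and window length are constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample: (timestamp in seconds, source host, was the message undesired?)
SAMPLE_LOG = [
    (0, "host-a", True), (0, "host-b", True), (5, "host-c", False),
    (10, "host-a", True), (20, "host-a", True), (30, "host-a", True),
    (40, "host-a", True), (100, "host-b", True), (200, "host-b", True),
    (300, "host-b", True),
]


def refused_hosts(log, threshold, window):
    """Replay a time-ordered log and return {source: time it was refused}.

    A source is refused once its count of undesired messages within the
    last `window` seconds (the "unit time") exceeds `threshold`.
    """
    recent = defaultdict(deque)  # per-source timestamps still inside the window
    refused = {}
    for ts, source, undesired in log:
        if source in refused or not undesired:
            continue  # already refused, or nothing to count
        q = recent[source]
        q.append(ts)
        # Drop observations that have aged out of the measuring window.
        while q and q[0] <= ts - window:
            q.popleft()
        if len(q) > threshold:
            refused[source] = ts  # "refuse messages from Host X"
    return refused


if __name__ == "__main__":
    # host-a bursts 4 undesired messages in 30 s; host-b sends 4 over 300 s.
    print(refused_hosts(SAMPLE_LOG, threshold=3, window=60))
```

With a 60-second window and a threshold of 3, the bursting source is refused while the slow one never is, which is the rate-based distinction the RFC text describes.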

The first spam message didn’t really appear until 1978 when the DEC marketing department sent a message advertising a seminar in California. In 1988, a person posted to multiple newsgroups asking for college fund donations. The term “spam” emerged in 1993 when usenet moderation software with a bug posted around 200 messages by accident. From 1994 onwards the spam problem continued to escalate to the situation we have here today where open relays and proxies were dropped in favor of compromised home user machines.
