Aunty Spam's
Slam a Spammer Blog

Home RSS Archives Aunty's CAN-SPAM eBook with FREE pdf! Spam & the Law Conference Add to My Yahoo! Subscribe with Bloglines
SEND A QUESTION OR COMPLIMENT TO AUNTY! BE SURE TO ADD THE .com AT THE END!

June 9, 2004

Aunty Spam: What is an Anti-Spam DNS Blacklist?

Posted 2 days, 11 hours ago on June 9, 2004

Dear Aunty Spam,

A friend of mine recently said that they were unable to send me email because my ISP uses a "blacklist" and their email address was listed on that blacklist.

What are these blacklists? Who runs them, and why do they get to decide whether my friend can send me email or not?

P.J.



---

Dear P.J.,

Your friend is almost certainly referring to what is typically known in the industry as either a DNS blocklist, or a DNS blacklist, depending upon with whom you speak.

Such a DNS list is typically a list of IP addresses all of which have some trait or traits in common, usually having to do with their association with spam. For example, a list might be a list of all IP addresses of which the list maintainer is aware which harbor open proxies or open mail relays through which a spammer has recently sent spam. Or it might be a list of IP addresses which are known to send email (spam) which does not meet with the list maintainer's standards for the sending of bulk email. It could even be something like a list of all IP addresses which the list maintainer doesn't like because they end in an odd number, or the numbers add up to 13, or any other arbitrary criteria set by the list maintainer.

Email receivers, such as ISPs and some spam filters, may choose to check this list whenever they get an incoming email, to see whether the IP address sending the email is listed on the DNS list. If the IP address is listed on the list, the ISP may choose to block the email rather than to accept and deliver it - hence the term "blocklist". There has been a great deal of debate as to whether these lists are more properly called "blocklists" or "blacklists", but it really doesn't matter what they are called - their function is to serve as an advisory for the receiving systems which use them. There are presently at least a dozen or so such lists which are used on a regular basis by ISPs and spam filters, and probably at least a dozen more which are used by smaller or less public systems.

Unfortunately, problems can occur when either the receiving system doesn't really understand the nature of the list they are using, or when the list maintainer doesn't have in place adequate methods for ensuring against false positives, or both. For example, some DNS blocklists will list an entire block of IP addresses belonging to a given site, even though only one of those IP addresses actually was associated with the underlying spam. This means that if a receiving ISP uses that list, they may end up rejecting all email coming from that site, not just spam. Other blocklists may list an IP address based only on complaints from users, without checking the facts, causing IP addresses to get listed on the blocklist simply because the user forgot that they had subscribed to a given email list, and so they reported it to the blocklist maintainer as 'spam'.

Now don't get Aunty wrong. There are some very well-maintained blocklists out there - two which come immediately to Aunty's mind are SpamHaus and MAPS. However there are others which are somewhat less well maintained, and those typically are the ones which cause the problems.

As to your friend's problem, both of you should determine which DNS blocklist is involved, and then contact the abuse and support departments of your respective ISPs, and ask them to please get the situation resolved. If it turns out that the IP address is properly listed in a responsibly-maintained DNS blocklist, then perhaps your friend should consider moving to a new provider. If it turns out that the list in question is one of the less reliably maintained lists, and your ISP continues to use it despite evidence of its unreliability, then perhaps it is your own ISP which needs to be replaced.

Incidentally, a great place to look up on which blocklists, if any, a given IP address is listed is at http://www.samspade.org. Tell 'em Aunty sent you.

Kissy kissy,

Aunty


June 5, 2004

Look! Up in the sky! It's a bird! It's a plane! No! It's an instant message!

Posted 6 days, 7 hours ago on June 5, 2004
Nokia has announced production of a celphone which allows you to project short text messages into the air via a series of LEDs.

The Nokia 3220 takes advantage of a known quirk of human vision, which causes us to see rapidly sequenced images as one whole image rather than as the individual parts. Thus when someone's 3220 blinks out H - E - L - L - 0 in sequence, you will instead see it as "HELLO".

Of course, you'll be seeing it suspended in mid-air, and it will be visible from as much as 20 or more feet away - with night distances of much more, according to Nokia.

This could bring a rather novel player to the spam table. If someone finds your celphone i.d., and sends you a text message unbidden, depending on the context and the content, it is, arguably, spam. But what if they aim that same text message at you through the air? What if they march up to your table, stand right in front of you,, legs akimbo, and put their Nokia 3220 right in your face, and text message your eyeballs? Is it spam then? (Bloody rude, yes, but is it spam?)

Intuitively, the answer is "no". But I'd imagine some clever people out there could think of some instances where it would not be so obviously so.

Can you?



June 2, 2004

Microsoft Now Owns Patent on the "double click"

Posted 1 week, 1 day ago on June 2, 2004
You heard it here from Aunty first (unless you read it somewhere else, of course) - yes, it's true...

Microsoft Corporation has been granted a patent, Aunty kids you not, on


"A method and system are provided for extending the functionality of application buttons on a limited resource computing device. Alternative application functions are launched based on the length of time an application button is pressed. A default function for an application is launched if the button is pressed for a short, i.e., normal, period of time.


"Oh, c'mon, Aunty," Aunty can almost hear you saying, "surely that doesn't really mean the "double click"!"

Read on (and this is all directly from their patent application abstract):



"An alternative function of the application is launched if the button is pressed for a long, (e.g., at least one second), period of time. Still another function can be launched if the application button is pressed multiple times within a short period of time, e.g., double click."



Did Aunty say that Microsoft owns the patent on the "double click"? What Aunty really wanted to say was "Microsoft now owns your ass", but of course, that wouldn't be polite.

Of course, perhaps this is Microsoft's altruistic way of trying to prove to the patent office just how out of control they have gotten, by filing a patent so patently (no pun intended) ridiculous, in order to show how far gone the system has become. Perhaps they had their fingers crossed.

Naaaaaaaah....

So Aunty will just leave the reader with this thought:

From now on, every time you program anything which includes requiring the user to double click, you're infringing on Microsoft's new patent.

Heartwarming, isn't it?

Kissy kissy,

Aunty

June 1, 2004

Bicy Wifi Shanghai

Posted 1 week, 2 days ago on June 1, 2004
Here's an interesting twist on war-driving*: war cycling.

[*For those of you not familiar with the term, 'war-driving' refers to the act of driving around, wifi-enabled laptop in hand (or on the seat or lap next to you), and finding unsecured wireless access points through which you can send email - usually spam.]

Now cometh Yury Gitman, of the City of New York, with his "Magicbike" - the wifi-enabled bicycle. But this is not, a recent BBC news report tells us, just a nifty alternative to your favourite internet cafe. Oh no.

The Magicbike can, we are told, "fulfill an important function in bringing internet connectivity to areas ignored by the traditional telecommunications industry."

Like the section of sidewalk beneath the apartment containing that unsecured wireless access point.

But at least Gitman is aware of the issues, as BBC news goes on to explain that "Mr Gitman admits that borrowing bandwidth from nearby open networks is something of a legal grey area."

In the same way that stealing cable from your neighbour is something of a grey area.

Explained Gitman in the BBC article, "There is not a one world legal answer but it is arguable that it is sometimes illegal."

That, at least, is true. For certain values of "sometimes". Like, as in, almost always.

And you thought Gmail was a privacy nightmare!

Posted 1 week, 2 days ago on June 1, 2004
If you are one of the legion who think that Gmail is a privacy nightmare, then just be glad that you don't live in Zimbabwe.

According to a report by BBC News, the government of Zimbabwe has introduced a proposal which would require Zimbabwean ISPs to report email which is deemed to be "offensive or dangerous".

In a country where it is illegal to "undermine the authority of the president", to "engender hostility" towards him, or to make abusive, obscene or false statements against him, this is concerning indeed.

According to the BBC report, "President Robert Mugabe has suggested the internet, [which is] widely developed in Zimbabwe, is a tool of colonialists," and last year he "described the internet as a tool used by "a few countries... in quest of global dominance and hegemony". "

Of course, it may be that Google is one of those countries but really, in the grand scheme of things, we have it pretty good here.



To Unsubscribe or Not to Unsubscribe: That is the Question

Posted 1 week, 2 days ago on June 1, 2004
Gentle readers,

As Aunty has discussed in the past, the question of whether or not to unsubscribe from unwanted email is a tricky one.

Traditionally, and certainly prior to 2004, the conventional wisdom among those in the know was that one should never unsubscribe from any unwanted email (spam) because all it did was help that nasty spammer to confirm that there was a warm body with a working pair of eyes at the receiving end of the email transaction.

With the enactment of the CAN-SPAM act, which went into effect at the beginning of this year, those sending bulk commercial email (such as to a mailing list) are required to do several things with respect to each and every email, among them being to include a functioning unsubscribe link or other unsubscribe mechanism, and to actually honour each unsubscribe request (within ten days, which is far too long a period of time in Aunty's opinion, but at least they have to honour it).

Still, we had trained a generation of email users to never hit 'unsubscribe', and to, instead, report any such unwanted email as 'spam'.

Unfortunately, there is a lot of unwanted email which really isn't spam. It's email you may have requested at some point and no longer want to receive, or it's email which perhaps you agreed to receive in order to gain access to a website or to receive a free service - but really you had your fingers crossed because everyone knows that nobody would really want that email. That sort of email.

Now we have the new Renaissance email marketer, who is playing by the books, who may not only be CAN-SPAM compliant but going above and beyond the requirements of CAN-SPAM, maybe even using - gasp - confirmed opt-in. And they certainly have functioning unsubscribe links in all of their email - and they honour their unsubscribe requests. Really, they exist. Aunty has even met a few of them.

According to a new study released this week by Lashback LLC of Millstodt, Missouri, creators of Lashback anti-spam software, at least 85% of all unsubscribe links actually work!

Hallelujah!

Of course, by Aunty's estimation, only about 5% of end-users bother to use those functioning unsubscribe links; the rest, if they take any action at all...you guessed it...report the email as spam.

Now, Aunty is not suggesting that you unsubscribe from email which you never, ever requested, from a sender with whom you have no relationship whatsoever. That is the sort of email in which the unsubscribe link may more properly be called the "confirm a pulse in the recipient" link. No, Aunty is talking about that sort of email described above - email you don't want, but which doesn't really come from out of the blue.

In that case, the polite thing to do is to unsubscribe. After all, if the senders are going to play by the rules, it's only fair that we do too - otherwise what incentive do those senders have to do the right thing? Even ISPs are starting to realize this and get into the act - Aunty knows of more than a few ISPs which will take a spam complaint from a user and...click on the unsubscribe link for them (only, of course, if the sender is a legitimate sender known to the ISP).

So take care, and take a moment to determine from where that email comes. If it's someone with whom you have any sort of relationship - any sort of legitimate company - give them the benefit of the doubt, and assume that they are in that 85%+ of senders who will actually honour that unsubscribe.

Of course, for the other sort - let 'em rip.

Kissy kissy,

Aunty




May 28, 2004

California Senate Sends Gmail a Message

Posted 28 minutes, 9 seconds ago on May 28, 2004
The BBC reports today that the California Senate has passed SB 1822, aimed at limiting Google's ability to scan email coming in to the users of their Gmail system, and also limiting Google's ability to archive and sell the resulting information.

Now, Aunty is old enough to remember some real wholesale intrusions on privacy, and jaded enough to question anyone having obviously invasive powers, but there are a few things which occur to Aunty - maybe it's her doddering age, but:

1. Google is a business entity, not a government, for chrissakes. Business entities invade your privacy all the time, especially when you are availing yourself of their services - if you don't like it, don't sign up for their services. The reason that a private high school can perform a locker search, and a public school cannot, is because the public school is, arguably, a government entity. The reason that pretty much everyone and their dog now tell you, while you are on hold for 112 minutes when calling their customer service line, that "this call may be monitored for training purposes" but the nice men in the blue suits have to get a warrant to listen in on your conversations is because, again, the men in suits work for a government agency. The people who put you on hold do not. Deal with it.

2. Gmail is a voluntary service, and you'd have to be blind, deaf, and dumb to not know at this point, before signing up for their free services (and did Aunty mention that it's voluntary?), that they scan your email for content in order to serve up their Adsense ads with your email. ("Would you like spam with that?")

3. Google is doing nothing different in terms of scanning email content than any one of dozens of spam filtering companies do - for which their users often pay them handsomely, not slap them with restrictive legislation.

But, on the whole, it's a really good thing that Ms. Senator Figueroa is spearheading this new law, because goodness knows that in the U.S., and in California in particular, we wouldn't want to break with tradition and societal culture and..you know, make people be accountable and responsible for their own decisions. Oh no.

May 26, 2004

A Gaggle of Google Giggles (Gmail)

Posted 2 weeks, 1 day ago on May 26, 2004
As many of you know, Aunty was one of the people blessed with a Gmail account early on (relatedly, she was also 'blessed' with everybody and their brother coming out of the woodwork asking her to please get them a Gmail account, too).

After the initial testing, which you can read about in the archives, Aunty left the account alone for a while, and this week logged in to find:

38 new pieces of email in the inbox
74 new pieces of spam in the spambox

So Aunty's Gmail account received 112 pieces of email, of which 103 were spam.

Of those 103 pieces of of spam, 74 - not even seventy-five percent - of them were tagged as spam and went into the spambox. Hoo-blanking-rah.
Aunty's Spam Assassin on Aunty's home server does better than that.

That means that 29 pieces of spam - more than 25% - ended up in Aunty's inbox.

And this was, as before, no borderline spam. Oh no. Of the 29 pieces of spam:

9 of them were from the desk of someone in Nigeria.
6 of them were CONGRATULATING me on the fact that I'VE WON!
3 of them were in some sort of Asian characters.
All of them were..you know..in Aunty's inbox.

Oh, and of the nine pieces of legitimate email in Aunty's inbox? Eight of them were from complete strangers...you guessed it..begging a Gmail account.

May 25, 2004

Aunty Spam Exclusive: Interview with a Spammer - Aunty Gets Down and Dirty with Spam King Scott Richter

Posted 2 weeks, 2 days ago on May 25, 2004
This is the first in a series of dialogues wiith self-proclaimed Spam King and Daily Show veteran, Scott Richter. Aunty has agreed to provide this venue to allow Mr. Richter to take and respond to questions from Aunty's readers. If you have questions or comments for Mr. Richter, please leave them as a comment to this article, and Mr. Richter will respond to them. Kissy, kissy - Aunty

Update: Scott Richter has responded to many questions and comments which Aunty's readers have posted for him. See the comments section at the end of this interview.

---

Aunty:   I'm sure it will come as no surprise when Aunty tells you that you aren't the most beloved email sender in the world, and are often called the "King of Spam", a name you've even joked about yourself.  Is your reputation as a "spammer" deserved?

Richter: I was looking to be part of royalty but did not expect to be the King of Spam. On the other hand we are a marketing company so we have to make do with what comes our way and run with it.

Aunty:  Ok, but are you really a spammer?  Do you deserve to be called the King of Spammers, one of the top spammers?  Is it a case of if you are going to do something, you might as well do it right?

Richter: No, based on CAN-SPAM in the U.S. I am not a spammer. The Spam King name is just a name given by the media. I soon will be the Anti-Spam King.

Many people have nick names, some relate to them more then others.

Aunty:   Recently you've said that you want to go straight, and to change your wicked spamming ways.  But you've also bragged about how much money you make from spam, so why should Aunty believe you?  Why should anyone believe you?

Richter: Actually I have not bragged, this is something reporters usually write about and misquote. I actually do not do what I do for the need of money. I just enjoy working and employing employees and building a business. I am like most people, and really enjoy a challenge. What many may find interesting is that I wanted to hang it up or move on many times, but the pressure from the anti-spammers is actually what keeps me motivated and in the game. It's like chess, no one wants to lose.

Aunty:  So, again, why should anyone believe you that you want to go straight and send only wanted, opted-in to email?   Tell us something which will convince us that you really want to go straight.

Richter: Actions speak louder then words. Any ISP who has worked with us and allowed us the chance to meet their guidelines can, I think, honestly say we have done a good job doing it.

Aunty:  Aunty has heard from more than a few sources that they have received spam from you as recently as this week.   Are you still sending spam?   And if so, why?

Richter: This is an interesting question. I think if the definition of "spam" is based on CAN SPAM, we are not sending spam. If "spam" is based on a third-party's statements based in another country outside the U.S. then some may call it spam.

Another issue people to not understand is that we host a large amount of clients on our network and most anti-spam fighters do not take the time to read past the IP space, and just find it easier to blame me for it.

However, by not complaining about an abuser on our network, because they either think its me or for whatever reason, we then do not have the chance to know and deal with it, which then actually can cause a large abuse issue to take place if we are not told about it.

Aunty:  So all of the email you send now complies with CAN-SPAM?

Richter: All of the email that we personally send has always complied with CAN SPAM to the best of my knowledge.

Aunty:  If you could sit down at a table with the heads of the top six ISPs in the United States, what would you want to say to them?

Richter: I would ask them to give me the opportunity that two of the six ISPs have given us to show that we can follow anyone's rules and work with them. All I ask is to be treated equally.

Aunty:  Are you saying that if an ISP lays down the rules for you, you will abide by them and that the only email you will send to that ISP is email which meets their criteria?

Richter: Correct. Different ISPs have different requirements on many things, all the way down to bounce handling. We have no issue meeting or exceeding any ISP's requirements of us.

Aunty:  Same question, but for the top six spam filters in the United States.

Richter: Probably thank a few of them for building Optinrealbig.com LLC to what it is today. If not for the Spamhaus yellow pages most would have never found us. You really cannot put a value on the advertising it does for us. It's sad but true in a way that Spamhaus works against itself as it advertises what ISPs to use, and who the top senders they list are, so most advertisers use it when deciding who they want to work with.

I would also ask that any filtering company judge us like they judge any other ISP. We face many of the same issues with hosted clients, and harassing us, our upstreams or people we work with is wrong. Besides, when was the last time the harassment really worked and put anyone out of business for good?

On the other hand if they were more civil and open minded instead of a few which are one-track minded, they probably could have made a difference on the net a long time ago and email wouldn't be where it is today.

Aunty:  You say that you would like to be judged like any other ISP, but you're not just an ISP.  You are also, by your own admission, a "high volume email deployer".   What would you say to the ISPs and spam filters which are blocking specifically the email which you, not your customers, send, or which you send for your customers?

Richter: That is their choice, all we can do is ask them to unblock us, and meet whatever they require of us to stay unblocked or whitelisted.

Aunty:  What do you think of anti-spammers?

Richter: I think some are super great people who truly want to make a difference and understand that no matter what you think of someone, if you give them a chance and work with them you can change them. Then others I think are so one-track minded that it's a shame they give the good ones such a bad image - all they do is complain and post to many newsgroups with no hope of ever making a difference. It's sad to put in so much time to something that you really don't effect. If they want the attention they should work with email houses to make a difference, and suggest ideas that are open-minded and which over time can work. Not "you're blocked until you die", that just wont solve anyone's issues.

Aunty:  Like what kind of ideas?  If you were going to consult to email houses and tell them what they need to do to clean up their act and get their mail delivered, what would you tell them to do?

Richter: I would tell them to work one on one with what ever ISPs are blocking them and to follow what ever requirements they have.

Aunty:  Who do you think is the biggest problem spammer out there today?

Richter: Hard to say, but from email I get it's who ever is joe jobbing us.

[Ed. note: A "joe job", in anti-spam parlance, is the act of sending spam and forging the "From:" information to make it appear that the spam is coming from someone else.]

Richter: I have taken a lot of blame for huge joe jobs against us. The good part is there are a few respected anti-spam fighters who have pointed this out to the others who were blaming me for it, and we are working to find out who is behind it and to seek legal action against them.

Aunty:  There's a kind of poetic irony to the King of Spam suing another spammer for sending spam which makes it look like the King of Spammers is spamming, isn't there?

Richter: No, I see it as one legit high volume sender going after one illegal unlegit email sender for damaging his reputation.

As to name names, its tough, I really do not know the workings of the really bad ones. I am under the impression that most of them are in Russia, from reading what people write about them.

Aunty:  Well, let me give you a name.  Ronnie Scelson told the U.S. Senate Commerce Committee this week that he was trying to abide by CAN-SPAM, but that if ISPs like AOL and Hotmail didn't stop blocking his email, he was going to resort to using deceptive tactics again.  What do you think about that?

Richter: I think that is wrong and very bad. I am not him, so that is his business, not mine.

Aunty:  If you could advise the United States government as to the best thing they could do to stop that pesky spam problem, what would your advice be?

Richter: I think they have begun it, I think CAN SPAM is a start. I think that over time they will change it more, but at least they laid the ground work to start. Also with the FBI now investigating, and the FTC, I'm sure that a few more crackdowns like what took place a few weeks back will send a message to anyone U.S.-based, doing anything that is not compliant, to quit real fast.

Aunty:  Do you really think so?  You said earlier that it is like a chess game, others have compared it to a cat and mouse game.  Why do you think that if there are legal crackdowns, spammers will stop spamming rather than just finding a new move?

Richter: Just a lucky guess. My instinct tells me that most illegal spammers cannot be really making that much money, and that the cat and mouse game will end sooner or later for them.

As I have said and will always say, the big issue is this is a global issue, and while we may solve the problem here in the U.S., we need to solve it somehow globally.

Aunty:  Is there any question which you think Aunty should have asked you?  If so, what is it, and what is your answer?

Richter: So many, but I'd rather let the readers write in to ask what they feel is most important to them.

Aunty:  Is there anything else you would like to say to Aunty's readers, or the world at large?

Richter: The most important is that no matter what, people on either side of the issue should realize that at the end of the day we are all human, and that treating anyone like a human will get them a lot further then they may imagine.

---

To send questions or comments to Mr. Richter, please leave them as a comment to this article, and Mr. Richter will respond to them.

May 22, 2004

Advertiser Accountability under CAN-SPAM

Posted 2 weeks, 5 days ago on May 22, 2004
Aunty had a really proud moment this week, when Senator John McCain said, during the Senate Commerce Committee Hearings on the effectiveness of CAN-SPAM to date, "If the FTC can't find the spammers, it should do the next best thing: go after the businesses that knowingly hire spammers to promote their goods and services..."

Senator McCain is referring to Section 6 of CAN-SPAM, which holds those who knowingly advertise in spam responsible just as if they had sent the spam themselves.

Aunty worked closely with Senator McCain's office on both the concept, and on the language which ultimately became Section 6. Aunty believes strongly in advertiser accountability, and was proud to hear Senator McCain pointing to it, and telling the FTC to use it.

Thank you, Senator McCain! Kissy kissy, Aunty



Check Out:

The Accidental Evangelist
Dear Esq. Column
Fathers Rights
Post an audio message to this blog! Only .97 cents!
Call 661-716-BLOG,
enter account number 111-222-3333, pin number 4444.
Call and then pay, or pay and then call!

Earlier

To Unsubscribe or Not to...
California Senate Sends...
A Gaggle of Google Giggles...
Aunty Spam Exclusive:...
Advertiser Accountability...

photography class online

Aunty Spam Provided By ISIPP

CAN-SPAM Teleseminar 5/6/04
CAN-SPAM Teleseminar 5/13/04
Spam & the Law Conference 7/29/04
CAN-SPAM Compliance Pack

Other Blogs & Sites

Fun Anti-Spam Novelty Products
The Spam Blog
Spam Primer
DadsRights.org




Slam a Spammer
Store!
Powered by bBlog