OT: Spam Blacklists

drew einhorn drew.einhorn at gmail.com
Mon Nov 20 14:47:28 UTC 2006 

Oops,  Sorry about the HTML crap.

Twas late at night and did not notice my gmail account had
started sending HTML.

Anyway, here's a revised and expanded text version of the
complaint that failed to make it to the list.

-----------------------------------------------------------------------

Please stop blocking traffic based on erroneous info from bogus
antispam vigilantes.


A week or so ago my outgoing email to a couple techsuppport listservs
began disappearing into a blackhole.  Which made it very difficult
to get advice about the problems I was asking about.

Then I found:
http://www.mxtoolbox.com/blacklists.aspx?AG=GBL&gclid=CI7gntKM1YgCFQR8VAod9FJsZg

Giving it a try I found:

Checking 209.181.116.105 against 138 known blacklists...
Listed: 1 time(s)
Timeouts:10

Blacklist Name          Status  Reason                  TTL
Response Time (ms)
NOMOREFUNN              Listed  LISTED  added 2002-04-11; spam support
- netblk-q0228-65-125-188-0
                        Return codes were: 127.0.0.7    1443    3328

NOMOREFUNN can be found at:  http://www.moensted.dk/spam/no-more-funn/

But, what does netblk-q0228-65-125-188-0 have to do with me?
And this is an ancient spam support listing.
At the present time spamhaus does not list:    65.125.188.0

Googling the netblock, I found:

    # WORLD REACH CORPORATION (NETBLK-Q0228-65-125-188-0)
    # Netblock: 65.125.188.0 - 65.125.188.255
    # Well-known spamhaus - list on sight
    Refuse : 65.125.188.0

Aha, a spammer used to live there, around 4 and half YEARS ago!

Lets poke around at arin.net:

  Looking at my ip:
  Search results for: 209.181.116.104

    Qwest Communications Corporation QWEST-INET-112 (NET-209-180-0-0-1)
                                      209.180.0.0 - 209.181.255.255
    Drew Einhorn USW-TECHNTEACH (NET-209-181-116-104-1)
                                      209.181.116.104 - 209.181.116.111

    # ARIN WHOIS database, last updated 2006-11-19 14:30
    # Enter ? for additional hints on searching ARIN's WHOIS database.

  Looking for: netblk-q0228-65-125-188-0
  Search results for: 65.125.188.0


    OrgName:    Qwest Communications Corporation
    OrgID:      QCC-18
    Address:    1801 California Street
    City:       Denver
    StateProv:  CO
    PostalCode: 80202
    Country:    US

    NetRange:   65.112.0.0 - 65.127.255.255
    CIDR:       65.112.0.0/12
    NetName:    QWEST-INET-10
    NetHandle:  NET-65-112-0-0-1
    Parent:     NET-65-0-0-0-0
    NetType:    Direct Allocation
    NameServer: DCA-ANS-01.INET.QWEST.NET
    NameServer: SVL-ANS-01.INET.QWEST.NET
    Comment:    ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
    Comment:    NOTE: For abuse issues, please email abuse at qwest.net.
    RegDate:    2001-01-04
    Updated:    2005-11-15

    OrgAbuseHandle: QIA2-ARIN
    OrgAbuseName:   Qwest Abuse
    OrgAbusePhone:  +1-877-886-6515
    OrgAbuseEmail:  abuse at qwest.net

    OrgNOCHandle: QIN-ARIN
    OrgNOCName:   Qwest IP NOC
    OrgNOCPhone:  +1-877-886-6515
    OrgNOCEmail:  support at qwestip.net

    OrgTechHandle: QIA-ARIN
    OrgTechName:   Qwest IP Admin
    OrgTechPhone:  +1-877-886-6515
    OrgTechEmail:  ipadmin at qwest.com

    # ARIN WHOIS database, last updated 2006-11-19 14:30
    # Enter ? for additional hints on searching ARIN's WHOIS database.

So it appears that blocking 65.112.0.0/12 was not enough for this bozo.
He appears to be blocking all netblocks owned by Qwest.

To be fair his automated whitelist tool appears to have solved the
immediate problem.

But punishing someone who lives in a neighborhood owned by a landlord
who rented space to a criminal in some other neighborhood YEARS AGO,
sounds awfully like George Bush in Iraq.

-- 
Drew Einhorn

More information about the ubuntu-users mailing list