RE: [suse-security] *****SPAM***** Tuerkei in die EU
In general, blocking IPs isn't the best, and blocking dynamic IPs is more than a stupid idea. On another mailing list someone wrote rules for SpamAssassin: http://mailscanner.prolocation.net/german.cf. It isn't a good idea to activate the rule forever, but for a few weeks it will be OK. greetings andy -- free your mind, use open source http://www.mono-project.com ASCII ribbon campaign ( ) - against HTML email X & vCards / \
-----Original Message----- From: Robert Schiele [mailto:rschiele@uni-mannheim.de] Sent: Thursday, May 19, 2005 6:15 AM
This list seems rather useless to me because most of these IPs are dial-ins and thus will change frequently.
Robert
Dörfler Andreas wrote:
In general, blocking IPs isn't the best, and blocking dynamic IPs is more than a stupid idea.
Hi Andreas, to the contrary. Why would a dynamic IP need to talk to my mailserver directly? It's a zombie with almost 100% probability (and the rest are clueless idiots or broken software). 10-20% of my RBL-hits are dynamic ips. The first Sober.Q that hit my mailbox came right through this mailinglist (and then some through the Squirrelmail-list). I didn't get a single one directly. cheers, Rainer
Rainer Duffner wrote:
In general, blocking IPs isn't the best, and blocking dynamic IPs is more than a stupid idea. To the contrary. Why would a dynamic IP need to talk to my mailserver directly?
Because some IP ranges are listed as being dynamic, but really are static? It depends heavily on your definition of 'dynamic IP' and the DUL list you're using.
It's a zombie with almost 100% probability (and the rest are clueless idiots or broken software). 10-20% of my RBL-hits are dynamic ips.
I know a few RBLs which list the full IPv4 and IPv6 address space and would be good spamfilters by your perception of a suitable RBL (they would block all your mail). One shouldn't look at the good negatives, but rather at the false positives. It is my experience that the number of false positives is unacceptably high when IPs listed as 'dynamic' are outright blocked. I do use DUL lists in SA scoring however, since the probability that a message *is* indeed spam, is higher (but nowhere near 100%). Best regards, Arjen
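Added example, not part of Arjen's message or of any code from this thread: a DNSBL lookup that feeds a score instead of a reject, with a sanity check that catches a list that answers for the whole address space (RFC 5782 test entries: 127.0.0.2 must be listed, 127.0.0.1 must not). The zone names, the stub resolver, the 2.0 weight and the 5.0 threshold are assumptions made for the illustration.

```python
import ipaddress

THRESHOLD = 5.0    # assumed spam threshold for the total score
DUL_WEIGHT = 2.0   # assumed score contribution of a DUL listing


def dnsbl_qname(ip, zone):
    """Query name for a DNSBL: reversed octets (IPv4) or nibbles (IPv6) plus the zone."""
    reverse = ipaddress.ip_address(ip).reverse_pointer   # e.g. 10.2.0.192.in-addr.arpa
    return reverse.rsplit(".", 2)[0] + "." + zone         # drop the two .arpa labels


def is_listed(ip, zone, resolve):
    """resolve(qname) returns the A records as strings, or [] for NXDOMAIN."""
    return any(a.startswith("127.") for a in resolve(dnsbl_qname(ip, zone)))


def zone_is_sane(zone, resolve):
    """A list that also answers for 127.0.0.1 is listing everything."""
    return is_listed("127.0.0.2", zone, resolve) and not is_listed("127.0.0.1", zone, resolve)


def dul_score(ip, zone, resolve):
    """Score added by a DUL hit; a zone that fails the sanity check adds nothing."""
    if not zone_is_sane(zone, resolve):
        return 0.0
    return DUL_WEIGHT if is_listed(ip, zone, resolve) else 0.0


def classify(ip, content_score, zone, resolve):
    """The DUL hit is one rule among others, never a verdict on its own."""
    total = content_score + dul_score(ip, zone, resolve)
    return "spam" if total >= THRESHOLD else "ham"


def make_resolver(records, wildcard_zones=()):
    """Offline stand-in for a DNS resolver (constructed data, no network access)."""
    def resolve(qname):
        if any(qname.endswith("." + z) for z in wildcard_zones):
            return ["127.0.0.2"]          # this zone answers for every address
        return records.get(qname, [])
    return resolve


# Constructed records: documentation-range IP, reserved .example zones.
RECORDS = {
    "2.0.0.127.dul.example": ["127.0.0.2"],     # mandatory test entry
    "10.2.0.192.dul.example": ["127.0.0.10"],   # a client in a "dynamic" range
}
RESOLVE = make_resolver(RECORDS, wildcard_zones=("everything.example",))

if __name__ == "__main__":
    for score in (0.3, 3.4):
        print(score, classify("192.0.2.10", score, "dul.example", RESOLVE))
```

With these numbers a listed client sending clean mail (content score 0.3) is still delivered, while the same listing pushes a borderline message (3.4) over the threshold.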
Rainer Duffner wrote:
Hi Andreas,
to the contrary. Why would a dynamic IP need to talk to my mailserver directly?
IPs themselves are not dynamic, maybe the client gets some sort of a "lease" for a period of time.... but the address is always the same ;-) Are you really sure that the machine "behind" that number REALLY changes?
It's a zombie with almost 100% probability (and the rest are clueless idiots or broken software). 10-20% of my RBL-hits are dynamic ips.
I am not sure if I fall within the 100% probability of being a zombie or being a clueless idiot... (I think I am not broken software) In my country, Uruguay, the National Telephone Operator (ANTEL / ANTELDATA) sells fixed IPs within blocks of dynamic addresses and/or domain names (.com.uy) without a reverse resolution. We have been able to make them change the reverse DNS in some cases and in others not (answer: "technical reasons"). Sometimes you simply believe it is a dynamic IP, but really it is a responsible site well administered but with an operator that might need to provide a better service. You think it is "dynamic" because you get a r200-40-yyy-xxx.adinet.com.uy. after a "dig -x" but maybe the address has been allocated for the same customer for several years, without any spam incident, without even being an open relay.... not even a single problem...
The first Sober.Q that hit my mailbox came right through this mailinglist (and then some through the Squirrelmail-list). I didn't get a single one directly.
I am sure that if you only allow mail from your own host you will be even safer! Remember that until IPv6 happens, many countries don't have enough addresses to provide such an "ordered" and "neat" addressing scheme that meets your high standards. But let me tell you that such a policy (I am not referring to you particularly but to all those who use it) is quite segregationist, as you are banning people out without even taking care of it! If you oversimplify things you tend to make these kinds of mistakes. I am not taking it personally that you call me zombie or clueless idiot..... but I would appreciate that you re-consider your security rules, in a way that supports and promotes the "free speech" and universal access that Internet shall provide to all of us. Best regards Ariel "clueless idiot"
cheers, Rainer
The Thursday 2005-05-19 at 08:54 +0200, Rainer Duffner wrote:
to the contrary. Why would a dynamic IP need to talk to my mailserver directly? It's a zombie with almost 100% probability (and the rest are clueless idiots or broken software).
I should feel offended :-| -- Cheers, Carlos Robinson
On the contrary, blocking IPs at the firewall is the most effective approach. It minimizes the impact on your mail relay since tcp never gets to open the socket and access the application. This applies even if it is a dynamic IP. Your issue is permanent blocking. This is controversial. The idea has been to exert pressure on ISPs whose users complain. This is of limited success. The idea is that if dialup and dhcp (cable, dsl) users found they could not access major portions of the internet -- not just for e-mail but web browsing as well -- then they would be motivated to complain to their ISPs who would act more forcefully and quickly against spammers etc. If someone could get yahoo and hotmail and google to "sign on" to such a program then yes there would be a dramatic amount of complaints. Blocking IPs at the application level, i.e. in your MTA, is proven effective in reducing spam. Forbidding dynamic IPs from talking to your mail relay, forcing them to go thru their ISP mail relay, is definitely good policy. Temporary, say 15 minute, blocking at the ip level at the border of your network for a spam/hack in progress is a good compromise that will cause the bad guy to look elsewhere. On Thu, 19 May 2005, Dörfler Andreas wrote:
In general, blocking IPs isn't the best, and blocking dynamic IPs is more than a stupid idea.
On another mailing list someone wrote rules for SpamAssassin: http://mailscanner.prolocation.net/german.cf. It isn't a good idea to activate the rule forever, but for a few weeks it will be OK.
greetings andy
--free your mind, use open source http://www.mono-project.com
ASCII ribbon campaign ( ) - against HTML email X & vCards / \
-----Original Message----- From: Robert Schiele [mailto:rschiele@uni-mannheim.de] Sent: Thursday, May 19, 2005 6:15 AM
This list seems rather useless to me because most of these IPs are dial-ins and thus will change frequently.
Robert
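Added example, not part of Dana's message or of any tool named in the thread: the bookkeeping behind a temporary 15-minute block, replayed over a constructed reject log. The log format, the 60-second window and the five-reject trigger are assumptions; pushing the block into the border firewall is left outside the example.

```python
from collections import defaultdict, deque

BLOCK_SECONDS = 15 * 60   # the "say 15 minute" block from the message above
WINDOW_SECONDS = 60       # assumed look-back window for counting rejects
MAX_REJECTS = 5           # assumed number of rejects in the window that triggers a block

# Constructed log, hypothetical format: "<unix time> reject <client ip>"
SAMPLE_LOG = """\
1000 reject 192.0.2.10
1005 reject 192.0.2.10
1010 reject 198.51.100.7
1012 reject 192.0.2.10
1020 reject 192.0.2.10
1030 reject 192.0.2.10
1200 reject 198.51.100.7
1500 reject 198.51.100.7
""".splitlines()


class TempBlocker:
    def __init__(self):
        self.recent = defaultdict(deque)   # ip -> timestamps of recent rejects
        self.blocked_until = {}            # ip -> time at which the block lapses

    def is_blocked(self, ip, now):
        expiry = self.blocked_until.get(ip)
        if expiry is None:
            return False
        if now >= expiry:
            del self.blocked_until[ip]     # block lapses on its own, nothing is permanent
            return False
        return True

    def record_reject(self, ip, now):
        """Register one MTA-level reject; return True if it starts a new block."""
        if self.is_blocked(ip, now):
            return False
        stamps = self.recent[ip]
        stamps.append(now)
        while stamps and now - stamps[0] > WINDOW_SECONDS:
            stamps.popleft()               # forget rejects older than the window
        if len(stamps) >= MAX_REJECTS:
            self.blocked_until[ip] = now + BLOCK_SECONDS
            stamps.clear()
            return True
        return False


def replay(lines):
    """Feed log lines to a TempBlocker; return it and the (ip, start, end) blocks."""
    blocker, blocks = TempBlocker(), []
    for line in lines:
        ts, action, ip = line.split()
        if action == "reject" and blocker.record_reject(ip, int(ts)):
            blocks.append((ip, int(ts), blocker.blocked_until[ip]))
    return blocker, blocks


if __name__ == "__main__":
    print(replay(SAMPLE_LOG)[1])
```

The host that is rejected five times within a minute is blocked for 900 seconds; the host with three rejects spread over several minutes never is.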
The Thursday 2005-05-19 at 08:42 -0400, Dana Hudes wrote:
Your issue is permanent blocking. This is controversial. The idea has been to exert pressure on ISPs whose users complain. This is of limited success. The idea is that if dialup and dhcp (cable, dsl) users found they could not access major portions of the internet -- not just for e-mail but web browsing as well -- then they would be motivated to complain to their ISPs who would act more forcefully and quickly against spammers etc.
That might work, perhaps, on your part of the world. In my part, it is useless to talk to the ISP, they don't listen. Have you ever worked on a major site call center? I mean one with millions of customers - and sometimes, they charge by the minute on the phone you have to call to complain, one of those 80x numbers. I haven't seen here a responsible ISP yet. -- Cheers, Carlos Robinson
On Thursday 19 May 2005 17:37, Carlos E. R. wrote:
sometimes, they charge by the minute on the phone you have to call to complain, one of those 80x numbers.
Can't you just send a snail mail letter? I don't think corporations pay any attention to telephone complaints, so I think traditional letters could be more effective. -- NSK http://portal.wikinerds.org
The Sunday 2005-05-22 at 15:20 +0300, NSK wrote:
On Thursday 19 May 2005 17:37, Carlos E. R. wrote:
sometimes, they charge by the minute on the phone you have to call to complain, one of those 80x numbers.
Can't you just send a snail mail letter? I don't think corporations pay any attention to telephone complaints, so I think traditional letters could be more effective.
Ha! Not a bad idea. The snag is they don't have a mail address. Or not one where they read mail. They want to be paid extra to listen to complaints. The personnel attending the public on phone is probably not at the site listed as "address" - which is very difficult to find out. Emailing them is about as useless as sending to /dev/null. [probably OT, ranting] For example... the local phone company (also the biggest ISP using another name), old monopoly, used to have offices in about every city. No more, all of them have disappeared. You can no longer go to an office and see them face to face while getting a new phone line. There is not even a janitor at the exchanges, no personnel. Actually, getting a new line is easy, dropping it is very difficult. First, you have to phone for instructions - I had to repeat that I wanted to drop the line to three different persons, to be told at the end that I had to fax a note, including a copy of my national ID card, to a certain number - and I tell you, I sent the fax from the post office bureau, at a cost of 12 Eur, because that way it is legally binding in court as sent, if the need arises. I'm not joking, it is that difficult... Lots of people find out that they can not break the contract with an ISP or phone company and keep being charged for a service they don't use month after month. If they don't pay they end up being listed as debtors and their bank accounts may be in danger. Hopefully a new law will change things, they are forced to break the contract after 15 days of being faxed. -- Cheers, Carlos Robinson
*Please* can we end this thread sometime soon?? Tom. -- Thomas Knight System Administration Officer Arts and Humanities Data Service http://www.ahds.ac.uk
On Monday, 23 May 2005 12:24, Thomas Knight wrote:
*Please* can we end this thread sometime soon??
why? it's at least a lot more interesting than the usual "please unsubscribe me" that stupid clueless people from all over the place send to this list, instead of doing it the right way (as described in every mail from the list). bye, MH
The Monday 2005-05-23 at 12:39 +0200, Mathias Homann wrote:
On Monday, 23 May 2005 12:24, Thomas Knight wrote:
*Please* can we end this thread sometime soon??
Mmm? To me, the security policies of many servers (including my ISPs), with the intention to reject spam, are making my life more difficult, and that is on topic.
why? it's at least a lot more interesting than the usual "please unsubscribe me" that stupid clueless people from all over the place send to this list, instead of doing it the right way (as described in every mail from the list).
Agreed. -- Cheers, Carlos Robinson
On Thursday 19 May 2005 15:42, Dana Hudes wrote:
and quickly against spammers etc. If someone could get yahoo and hotmail and google to "sign on" to such a program then yes there would be a dramatic amount of complaints.
If Google or Yahoo disallowed access from DHCP/Dynamic IPs, I would find another search engine and webmail. DHCP/Dynamic IP is the only IP we can get here without paying extra Euro; static IPs may cost much more than dynamic. -- NSK http://portal.wikinerds.org
The Sunday 2005-05-22 at 15:18 +0300, NSK wrote:
If Google or Yahoo disallowed access from DHCP/Dynamic IPs, I would find another search engine and webmail.
I read that at least one of the main ISPs here is using a transparent proxy to reduce their traffic on the external links (international, I suppose). The snag is that an awful lot of traffic appears to be coming from the same IP, and it can be banned. It has happened with some of these big sites, search engines, etc.
DHCP/Dynamic IP is the only IP we can get here without paying extra Euro; static IPs may cost much more than dynamic.
If IP v6 were in general use, all IPs could be fixed for the same price. ISPs could assign an IP to a client or to a phone number, and make identification easier. After all, fighting spam depends a lot on traceability. In fact, in Spain, dynamic IPs can be traced to the phone that made the connection, but you probably need a court order to get that info. And yes, the courts are acting against some spammers, but sometimes getting it all wrong: I read in the newspaper about a businessman being sued because he sent an email to half a dozen people, and one of them said it was unsolicited email and sued him (the mail addresses were printed on business cards exchanged at a business fair). Weird. -- Cheers, Carlos Robinson
Carlos E. R. wrote:
If IP v6 were in general use, all IPs could be fixed for the same price. ISPs could assign an IP to a client or to a phone number, and make identification easier. After all, fighting spam depends a lot on traceability.
I don't think that. Traceability is one part, but I think that money is the most important part. I will analyze money below, but I will first argue about IPv6 and privacy. There is a proposal, RFC3041 (http://www.rfc-editor.org/rfc/rfc3041.txt), that tries to bring privacy back to the IPv6 world. It is still in phase of a "Proposed Standard" (IPv6 still does not use it) but I would prefer to consider it. I am not against dynamic addresses, which in some way, "protect" end user privacy. They are already (IPv4) extremely threatened with non-directed attacks and get hundreds of viruses/attacks every day. The people I know that connect their windows computers permanently to Internet have to reinstall them at least twice a year due to adware, worms, etc. Only with massive attacks "harvesting" vulnerabilities, but the risk of a "directed" attack might be much more serious. Don't think of a company that can spend money in services and professionals to get "secure" internet services. Think of end users exposed and traceable. I don't think that you would really like that your company's accountant personal home IP address is public to your competitors.... Internet security is not mature enough for this (will it ever be?). For my personal use, I prefer to have dynamic addresses than static ones, even though I have nothing to hide, I am not a spammer and there is no big secret in my home PC. I am pretty sure that if you explain the traceability risk to the accountant he will unplug the computer with sensitive information from Internet :-) Even if you are unable to hack his system, you can distributed-DoS-attack his address the day before the tax declaration and make the company get a nice fee ;-) Obviously that if the application used requires a M$ Window$ OS, then the situation might get even better... In the end, I think that we have spam because people need spam and spammers can get money out of sending spam!
Let's forget about worms, sober and other threats and think ONLY in man-created spams (let's say selling trips, insurances, degrees, etc). They spend money and time building Internet sites, registering domains, buying thousands of e-mail addresses and sending the spam because people READ spam and BUY from spam. Spam is the commercials of the communication industry "moved" into e-mail messages. It is the same as ads in magazines or TV. Take any computer magazine and think of the surface dedicated (spent/wasted up to you) to advertising..... you read more advertisements than information. We all have to see letters by the roads selling products.... visual pollution? hardware spam? Call it the way you like it, but it is the same thing. Scale, means and impact might not be the same but it happens. Why do I have to "show" (advertise) that my new T-shirt is from "Lacoste", "Nike", "Polo" or whatever? Why it is every day more and more difficult (impossible!?) to get clothes, nice ones, but without becoming a walking advertisement? Check your own clothes and see if even your own person is not used for selling and advertising.... Check any sport and you will see that there is no room for more brands! There are other nasty and "spammy" acts like the footers inserted by ISP on the bottom of e-mails. I have even seen some in this list too! It should not be legal that they alter the content of our e-mail, for whatever reason! I am not saying that about organizations that put footers to e-mails from people exchanging information outside, but for public ISP altering the content to put advertisements. We are discussing spam because spam allows any moron to send it and to get in the mirror of any F1 car costs millions. But I believe it is the same thing. In the end, I think that the day people stop buying that, spam will disappear on its own. In the meantime, it is a very challenging race between spam-creators and spam-fighters..... The fact is: spam sells and produces money.
In fact, in Spain, dynamic IPs can be traced to the phone that made the connection, but you probably need a court order to get that info.
Sure! And the good thing of that is that there are warranties! There is a legal process that assures privacy and if there is a real reason, then actions can be taken. I support that way of working, and not that someone, because he believes an IP is dynamic simply drops it. As someone very polite said "you have to count false positives".
And yes, the courts are acting against some spammers, but sometimes getting it all wrong: I read in the newspaper about a businessman being sued because he sent an email to half a dozen people, and one of them said it was unsolicited email and sued him (the mail addresses were printed on business cards exchanged at a business fair). Weird.
I hope that at the end of the legal process, the suer will have to pay all the expenses :-)
[rantish] The Monday 2005-05-23 at 08:21 -0300, Ariel Sabiguero Yawelak wrote:
Carlos E. R. wrote:
If IP v6 were in general use, all IPs could be fixed for the same price. ISPs could assign an IP to a client or to a phone number, and make identification easier. After all, fighting spam depends a lot on traceability.
I don't think that. Traceability is one part, but I think that money is the most important part. I will analyze money below, but I will first argue about IPv6 and privacy.
... cut
I don't think that you would really like that your company's accountant personal home IP address is public to your competitors.... Internet security is not mature enough for this (will it ever be?).
You have a good point there, didn't think of it. On the other hand, fixed IP makes life easier for services like... voice over IP, for example, or transferring files without email, direct. We could transfer email or data direct, from computer to computer, without using the ISP relay. More private. Arguable, of course... a scanner would pick the transfer, anyway. And those services can be used with the help of dynamic domains like dyndns and the like.
In the end, I think that we have spam because people need spam and spammers can get money out of sending spam!
Add to that that there is not a unified law, and an international police, or at least, working cooperation amongst the existent police forces, to really find out slammers and suing them for good. ...
Why it is every day more and more difficult (impossible!?) to get clothes, nice ones, but without becoming a walking advertisement? Check your own clothes and see if even your own person is not used for selling and advertising....
Not me, I rip the labels X-)
There are other nasty and "spammy" acts like the footers inserted by ISP on the bottom of e-mails. I have even seen some in this list too!
Mmm. Their users are told in advance of that usage, as a condition for free (as in gratis) use of their email service.
In the end, I think that the day people stop buying that, spam will disappear on its own.
Unworkable, I'm afraid.
In the meantime, it is a very challenging race between spam-creators and spam-fighters.....
The fact is: spam sells and produces money.
True. Mind you, I don't object very much to receiving commercials from bona fide businesses. If they are serious and honest, I can really opt out, or filter them out easily, as they use real addresses. The problem is with not so "legal" businesses, using faked addresses and are probably scams and all sorts of "bad things". -- Cheers, Carlos Robinson
participants (9)
- Ariel Sabiguero Yawelak
- Arjen de Korte
- Carlos E. R.
- Dana Hudes
- Dörfler Andreas
- Mathias Homann
- NSK
- Rainer Duffner
- Thomas Knight