Re: [anti-spam-wg] blacklisted for no reason

  • From: furio ercolessi furio+as@localhost
  • Date: Mon, 14 Apr 2008 15:52:35 +0200

On Fri, Apr 11, 2008 at 02:22:08AM -0700, JT Adelphia wrote:
> Hi,
>  
> My servers ip was recently erroneously blacklisted in an sbl listing.  The
> other ips in the listed range I have no control over.  This is having a very
> negative effect on my business.  The sbl support department is not
> responding to my emails.

What some may consider erroneous is _not_ blocking the whole of 
Calpop.com (or atmlinkinc.com, or "Hollywood Interactive", or
whatever their name is today).
This company has hit us with much spam, for many years, and had us 
losing much time in dealing with customer complaints and adjusting filters, 
until the day last year where we decided to reverse the usual operational 
procedure by blocking the whole of Calpop and start whitelisting individual 
IPs as the need arises.  That was an action that we did not regret.

Such a persistent supply of services to spammers could not exist
unless the management of the company considers this as part of their
core business.  The management of Calpop is part of the problem
that led to the existence of this and other discussion groups,
and of the various blocking lists as well.  The Internet would be
a better place without this company - at least in the way that it is 
run today.

"Erroneous sbl listing"? Sorry, I do not think so.  Snowshoe
spammers on Calpop are the normality, and this case is not different.
Spamhaus may have no history, but Ironport has one:
http://www.senderbase.org/senderbase_queries.detailip?search_string=208.70.78.94&which_others=%2F24
And you can see high emissions in the past days from:

208.70.78.85  mail.pitufamar.cxm  (anonymous domain registered 21-mar-2008)
208.70.78.87  mail.quiquebas.cxm  (anonymous domain registered 21-mar-2008)
208.70.78.88  mail.wientime.cxm   (anonymous domain registered 31-mar-2008)
208.70.78.89  mail.xanduzen.cxm   (anonymous domain registered 21-mar-2008)
208.70.78.90  mail.largosos.cxm   (anonymous domain registered 31-mar-2008)
208.70.78.91  mail.winteraire.cxm (anonymous domain registered 21-mar-2008)
208.70.78.92  mail.pitremis.cxm   (anonymous domain registered 31-mar-2008)

[ NOTE: this the second version of this mail to the list.  The first was
  rejected by the content filters at RIPE because of these spammy domains
  in the body.  This is why I changed the suffix from the real ".com" 
  to ".cxm". ]

This makes 208.70.78.80/28 "a dirty network".  Since SBL is no 
longer listing it, the safe (based on experience) conclusion that
can be reached is that Calpop moved the spammer elsewhere in its
space. The spammer will reappear shortly with a new set of domains.
This crap from Calpop has been going for _years_.

> To be frank this is costing me a lot of money and the Spamhaus support staff
> seems unconcerned.  I did nothing to earn being listed.  I am an innocent
> bystander who is now fighting to save his business.  I rely on income from
> my hosting server to pay for my home, car, and family.  

To be frank, I could not understand why you would host a site on 
one of the worst ISPs in the world, spamwise.  The best thing that you
could do to your business is move the hosting elsewhere.

> It is not fair to blacklist my ip when I have no control over any other ip.
> This is clearly an issue between spamhaus, the offending user, and the data
> center and should not involve my ip.  If I am not the offending user, why is
> my ip involved here?

I see it as an issue between an ISP sold to (or run by) spammers and the 
rest of the Internet, with Spamhaus as a sort of savvy mediator to 
mitigate the damage that spammers and spam-support ISPs inflict to the 
world.

> I feel humiliated, ignored, and slandered.  No one at my ip has been
> involved in any kind of spam related activity, yet my ip is blacklisted.
> Spamhaus has provided me with no timeline for a solution to this problem.

Well, it apparently has been solved, for some meaning of "solved".
Obviously Spamhaus could not provide a timeline, since it is entirely
in the hands of the ISP!

> Someone should help me to resolve this before my losses become so great I am
> forced to seek the help of an attorney.

Since Calpop is the responsible party, you may consider directing the 
attorney against Calpop for placing spammers nearby your IP.  You may 
even consider to get some public fund-raising for such an action.  I 
would be ready to contribute with $100 out of my own pocket.

> Jon T.
> 208.70.78.94

I punched a hole for your IP in our local access list.

furio


PS  your IP is in a block registered in ARIN by the following entity:

OrgName:    AirlineReservations.Com, Inc.
OrgID:      AIRLIN-5
Address:    600 W. 7th Street
Address:    Suite 360
City:       Los Angeles
StateProv:  CA

Did you buy hosting from this company?
I will be grateful if you can indicate me a web site or anything else
that relates this corporation with any activity somehow related with
airline reservations.  I have not been able to do so, in spite of
some research; but perhaps I am not good enough. Or perhaps they
like using a weird name for a hosting business, for some reason.