Frequently Asked Questions, Comments and Answers. |
|
Q1: What is SPEWS?
|
|
A1: SPEWS is a list of areas on the Internet that several system administrators,
ISP postmasters, and other service providers have assembled and use to deny email and in some cases,
other network traffic, from.
|
|
Q2: Why is SPEWS?
|
|
A2: In most cases, spam blocking
and filtering systems work after the fact. There is a time lag between the spammer setting up shop,
spamming millions, and getting their network ranges block-listed. SPEWS identifies known spammers
and spam operations, listing them right as they start, sometimes even before they start, spamming.
Also, several of the other popular spam blocking systems have become bogged down due to an overload
of requests, this lessens their effectiveness; as a result, SPEWS was created to assist.
|
|
Q3: Why not let Internet Service Provider (ISPs) and the large data network companies handle the
spam problem?
|
|
A3: We'd love to, but given the history of the ineffectiveness of some ISPs and networks
due to lack of interest, lack of funds, and no lack of uneducated security/abuse people, the only way one
can attempt to fully stop spam is at the recipient end rather than the point of origin.
|
|
Q4: Why not let the government handle the spam problem?
|
|
A4: Governments are years behind the problem, most current laws are nearly worthless
or, as in the USA, have been co-opted by the DMA and other
spam friendly entities. Even with current and future laws, many of the SPEWS listed spammers have
no qualms about breaking the law and unless prosecuted, will never quit.
|
|
Q5: Why are network addresses listed if no spam has originated from them?
|
|
A5: They are listed because they have been set up by known spammers and spam
support operations, most with a demonstrable repeated history of spamming or spamming services.
They are also listed if they host websites advertised in spam,
as this too falls under spamming services - these listings normally occur if the owners of that
network address range do not remove the offenders.
|
|
Q6: How did "I" get into SPEWS?!
|
|
A6: Normally it is not "you" who was listed but your ISP or host. They may have
been listed due to spam originating from their section of the Internet or due to their hosting or
providing services for known spammers. The SPEWS bounce page covers this
in more detail. Now if you are a spammer, or spammer supporter, yourself, you were listed for that
reason.
|
|
Q7: Most of my spam comes from dialup modem pools, not spammer owned network blocks. So using
SPEWS won't really stop any of my spam. Why doesn't SPEWS list dialup modem pools?
|
|
A7: We want to list any identifiable network block that is owned or run by the
spammers or spammer supporters themselves. This way we can lessen their effectiveness at spamming.
Even if the spam doesn't come from there, they may use it to host spamvertized sites or use their
network connection to harvest email addresses
from Internet webpages. Also, we don't block dialup modem pools because they are used by many more
people than just the spammers. We do try to educate the dialup ISP to clean up their spam problem.
|
|
Q8: Why not educate the people before listing them?
|
|
A8: Most, if not all, SPEWS listed spammers know what they are doing, are pro-spam,
and have a long history of abuse, some even have criminal records and civil judgements against them.
In most cases, attempting to educate these types is a lost cause. But you're welcome to try. We
do try to educate some of the hosts and ISPs the spammers use.
|
|
Q9: Why use SPEWS instead of advisory-list ABC, XYZ, etc?
|
|
A9: SPEWS is normally not an "instead", but a supplement to other blocking/filtering
strategies. We recommend using open relay, open proxy, and dialup block-lists as a first line of defence.
This will normally catch the majority of ones incoming spam.
|
|
Q10: Isn't SPEWS censorship?
|
|
A10: No, SPEWS is a list of areas of the Internet that some people do not wish to
communicate with. Think of it as one group's Consumer Reports
review of portions of the billions of Internet addresses. These are the ones SPEWS members have a
poor opinion of. SPEWS is not anti-commerce and fully supports the USA's First Amendment and other
nation's free speech protections. In fact, the USA's Supreme Court agrees
with the SPEWS view. The creators of SPEWS are its main users and who it was designed for, if
others decide to also use its data, they are exercising their own rights. No one is forced to use SPEWS.
|
|
Q11: I'm a spammer and I'm listed in SPEWS, I want out! Will you do it?
|
|
A11: Sorry, SPEWS is a list of known spammers, spamming operations and spam supporters, if you
fit the criteria there's a good chance you will be listed and stay listed. If you are a spammer, may we suggest
you get a real job?
|
|
Q12: As a spammer or spam supporter listed in SPEWS, don't I have legal grounds to sue SPEWS?
|
|
A12: Not in any jurisdiction we've seen. SPEWS is just an opinion report, used by
some to filter Internet traffic, others to read for amusement, it was not created, intended, or used
to libel or defame anyone. The USA's Federal Trade Commission (ftc.gov)
recommends the filtering option and directs people to a CDT report
detailing the spam problem and solutions to it. Many other people and places
have implemented this government suggested option.
|
|
Q13: What gives you the right to stop spammers, or anyone for that matter, from sending you email?
|
|
A13: Basic private property rights and basic freedoms to associate with and not
associate with whomever we chose. Our email systems and mailboxes are our and our client's private
property, some of us tried putting up "no trespassing" signs ("don't spam here" banners), when they
were disregarded we hired the equivalent of a "nightclub bouncer" who has a list of past trespassers
and potential troublemakers we'd rather not let in. The bouncer is our email/packet filtering
software, the list it uses is called SPEWS.
|
|
Q14: Why do you hate spammers so?
|
|
A14: We don't hate anyone, in fact we love all. We hate what spammers do. Again,
we are not judging the morality of anyone whose network is listed in SPEWS, we just don't want to
communicate with them.
|
|
Q15: How do I know you won't list places you may dislike for non-spam reasons? Political
candidates, controversial sites, adult sites.
|
|
A15: The "S" in SPEWS stands for spam (aka: unsolicited bulk email). That is what
SPEWS is designed and intended to list, nothing more.
|
|
Q16: I'm not a spammer or spam operation... heck I hate spam, but my email is getting bounced by
someone using SPEWS, or I can't access a website due to SPEWS based blocking.
|
|
A16: You maybe part of the rare "inadvertent blocking" that can occur when a spam
friendly provider is listed in spews. Your best option is to try and educate your provider or switch
to one who is not listed in SPEWS as spam friendly. SPEWS aims to avoid listing any non-spammer or
non-spam support areas if possible - we just want to stop spam.
|
|
Q17: I was spammed from network XYZ, I want them added to SPEWS!
|
|
A17: Unlike other block-lists, SPEWS does not take submissions or nominations.
Entries in SPEWS are made by the people who run SPEWS for their own blocking and filtering needs.
It is provided to the rest of the Internet as an educational tool, or an opinion to use if anyone
wishes.
|
|
Q18: If I decide to use SPEWS, what will it cost me money wise?
|
|
A18: Nothing, viewing SPEWS is free. Much as reading the majority of Internet
webpages, just go there and look at its data either with your eyes, or your computer's email/packet
handling system.
|
|
Q19: I've found that my ISP/Host/etc. is using SPEWS to block/filter email and I don't like that!
|
|
A19: You can ask them if they are able to just "tag" the incoming email as possible
spam instead of bouncing it. If they are unable to do this, we are sure there are plenty of
ISPs/Hosts/etc. who do not use SPEWS and would welcome you as a customer.
|
|
Q20: Why don't places like AOL/Hotmail/Yahoo/Bigfoot use SPEWS to filter my email there?
|
|
A20: It's their choice, they are quite welcome to use it.
|
|
Q21: Why does SPEWS have two levels of listings? What is Level 1?
|
|
A21: SPEWS publishes two lists. The majority of the Level 1 list is made up of
netblocks owned by the spammers or spam support operations themselves, with few or no other legitimate customers
detected. We don't even try and educate these types as any past attempts at education have failed.
If a known spammer buys a new netblock but hasn't started spamming from it yet, it is still eligible
to be listed here. If used, this list should have close to zero inadvertent blocking.
|
|
Q22: What is Level 2?
|
|
A22: This includes all of Level 1, plus anyone who is spam-friendly, supporting
spammers, or highly suspicious, but not blatant enough to be included in the Level 1 list yet.
If it becomes obvious that someone at Level 2 has become a real problem, they will be escalated to
Level 1 after some attempt at education. The Level 2 list will have some inadvertent blocking
(non-spammer IP addresses listed), but can still be used by small ISPs or individuals who want a
stricter level of blocking/filtering. By having a two tiered list, you can make the hardcore
spamfighters happy; those who want to block first and ask questions later. Also, a listing in the
Level 2 list may exert a bit of pressure on spam friendly sites and may keep them from turning
totally bad - but that is not really the point, stopping spam is.
|
|
Q23: As an ISP/Host/Network, what is the best way to keep our IP address ranges out of the SPEWS list?
|
|
A23: It's quite simple, steer clear of spammers, spammer hosts, and sellers of
spamware. If one does appear on your system,
terminate immediately before the complaint level rises. Search out, and copy for your own, the best
Acceptable Use Policies (AUPs) and stick to the letter of
their wording. And the most obvious way; pay attention to and act upon email in your "abuse@" mailbox!
|
|
Q24: Why isn't the big emailing company who sends me opt-out junk email listed in SPEWS.
|
|
A24: These large corporate emailers (aka: mainsleaze)
are not die-hard spammers or spam operations, they can, after a time, be educated to run a proper,
verified/confirmed opt-in only, system. In the past, MAPS did a good job
at this and it seems they do intend to continue pursuing this goal into the future.
|
|
Q25: Will SPEWS ever list the big corporate spammers?
|
|
A25: Yes. If they venture into the pure unsolicited emailing world, or have an
un-managed "affiliate" program that causes spam problems they will be listed.
|
|
Q26: I've been spammed though an open email relay, why aren't these in SPEWS?
|
|
A26: SPEWS does not normally list open relays.
Use an Open Relay advisory list like ORDB or the MAPS RSS to
filter these. If a spammer or spam operation has an open relay, it will be listed on that basis. SPEWS does
not do relay or mailserver testing.
|
|
Q27: If I use SPEWS, is there an chance that non-spam email will be blocked?
|
|
A27: Yes. If you rely on the information supplied by SPEWS (or almost any
block-list), you have chosen to reduce your email connectivity and refuse email from certain
sources based on the information we list. We do not warrant that the information we provide is
complete or accurate - how you choose to use it is up to you.
|
|
Q28: Will using the SPEWS list as a filter block all my spam?
|
|
A28: No. There is no practical way at present to stop all incoming junk email, only
to limit the quantity. Using SPEWS in conjunction with one or more of the open relay/proxy and spam
advisory systems will dramatically cut down on the spam you do get.
|
|
Q29: How can I or my ISP use SPEWS?
|
|
A29: Several places get and publish both SPEWS Level 1 and Level 2 lists in several
ways. Router/firewall DENY tables, Procmail filters,
MTA access lists and records made to be used
as DNS zone files.
|
|
Q30: Wow, this is great, I want to hook my mailserver up to SPEWS right now, how!?
|
|
A30: Sorry, the SPEWS system is private and used by its developers to filter their
own email by this method.
|
|
Q31: Okay, I'm still sold, what's the easiest way to use SPEWS then?
|
|
A31: At this time the easiest way to use the SPEWS list for yourself is to use
the DNS lookup based filtering provided by Relays.Osirusoft.com.
The SPEWS Level 1 is included in their multi-zone spam prevention database. Use of their system is
also free. Other systems may soon follow and offer this zone for DNS lookups. The best and fastest
way to use SPEWS is to set up your own DNS server and mirror
one of the DNSBL lists that include SPEWS or build
your own DNSBL with the SPEWS data.
|
|
Q32: Are you associated with any other SPEWS domains?
|
|
A32: Nope, SPEWS.ORG is our only site. We have no idea what any others are.
|
|
Q33: I'm a spammer and hate SPEWS, can I get SPEWS-SUCKS.COM and put up an anti-SPEWS website?
|
|
A33: Why not? It's your opinion. You can even block us from you and your spammer
buddy networks... in fact, please do!
|
|
Q34: I'm a spammer, what can being listed by SPEWS do for me?
|
|
A34: Since most spammers "say" they don't want to send email to people who don't
want it (why else would there be dozens of "remove" lists), having your address in SPEWS will
prevent your email from reaching people who don't want it. Consider it a "pre-removal" list.
|
|
Q35: Who is SPEWS? Isn't SPEWS like some kind of "star chamber" of unaccountable people who are
banning others?
|
|
A35: No. SPEWS is a just a list made by people who deal with the spam/junk email
problem on a daily basis. They are from all over the world, N. & S. America, Europe, Asia, Australia.
Spam knows no borders and the people who try to limit it are global in this day and age. SPEWS
people are accountable, accountable to their many users and clients who like getting reduced spam,
but would not like having email of value rejected. This accountability to others keeps SPEWS
functioning smoothly.
|
|
Q36: Where can I go and see discussions about SPEWS, spam and other email abuse issues.
|
|
A36: The Usenet has newsgroup forums
for this, there is a SPAM-L mailing list,
SpamCop.net has a mailing list and User Forum.
Note that posting messages in these newsgroups & lists will not have any effect on SPEWS listings, only the
discontinuation of spam and/or spam support will.
|
|
Q37: How do I find what type of spammers and spam supporters are in SPEWS?
|
|
A37: Visit the Spamhaus.org website and view their
database of spammers and the Register Of Known Spammer Operations (ROKSO).
Also Spamsites.org has a massive list of the sites that enable
spammers by selling them the tools they use to spam, hide, and steal from others. These places can
also be blocked using lists published by Spamhaus.org
and Relays.Osirusoft.com and are the types of places
included in the SPEWS list.
|
|
Q38: I have my own spam blocking system set up, why should I use SPEWS?
|
|
A38: Keep using yours, but by adding SPEWS you may be able to stop some spammers
you've missed or do not know about - yet - and that's a good thing.
|
|
Q39: Is SPEWS global? Is in only good in the USA, Europe?
|
|
A39: SPEWS can be used by any system located anywhere in the world to filter email
or block packets from the addresses listed in SPEWS. We will try and have different language
versions of the SPEWS bounce page as time goes by, but much of the site will
remain in English.
|
|
Q40: There must be some evil scheme to profit from this endeavor?
|
|
A40: No. SPEWS is in the category of many "just for the good of the community as a
whole" Internet projects. Everyone involved does it based on this. There may be an increase in
profits for people who use SPEWS, as having to deal with spam costs money.
|
|
Q41: How does one contact SPEWS?
|
|
A41: One does not. SPEWS does not receive email - it's just an automated system
and website, general blocklist related issues can be discussed in the public forums mentioned above.
The newsgroup news.admin.net-abuse.email (NANAE) is a
good choice, and Google makes it quite easy to post messages
there via the Web as M@ilGate does via email. First
time newsgroup posters should read the NANAE FAQ.
Note that posting messages in these newsgroups & lists will not have any effect on SPEWS listings, only the
discontinuation of spam and/or spam support will. Be aware that posting ones email address to any publicly
viewable forum or website makes it instantly available to spammers. If you're concerned about getting spammed,
change or "mung" the email address you use to post with.
|
|
Q42: My IP address/range is being listed by SPEWS but I'm not a spammer and I just signed up for
this/these address(s). What can I do to be removed from the list?
|
|
A42: SPEWS is just an automated system, if spam or spam involvement (hosting spammers,
selling spamware) from your IP address/range ceases, it will drop out of the list in time. Normally the
listing involves spam related problems with your host and the first step you need to take is to complain
to them about the listing, in almost all cases, they are the only people who can get an address/range out
of the SPEWS list. If there is a spam related problem with your host, their IP address/range will not be
removed until it is resolved. If your host or network is certain a listing mistake has been made, ask
them to read this FAQ then post a message in a public forum mentioned above with the SPEWS record number
(eg. S123) and/or the IP address/range information in it. Placing the text "SPEWS:" in the subject can
help a SPEWS editor or developer see the message and they may double check the listing - note that,
although others may, no SPEWS editor or developer will ever reply to the posting. Will this get your
IP address/range removed from a SPEWS listing? Again, not if there are currently spam related problems
with your host. Be aware that posting ones email address to any publicly viewable forum or website makes
it instantly available to spammers. If you're
concerned about getting spammed, change or "mung"
the email address you use to post with.
|
|
Q43: I am a spammer or spammer host and my IP address/range is being listed by SPEWS. What can I
do to be removed?
|
|
A43: If you are a spammer, not much. If you are a spammer host and wish to discuss
your SPEWS listing you are free to discuss it in the public forums mentioned above. Be prepared to see
responses from others in these open forums, if you are a spammer or known as spam friendly, these
responses will not be kind. If you are a spammer host, be prepared to be educated about the error
of your ways by the people who post here. And a word of warning, most of the people in these forums,
like SPEWS administrators, have heard every excuse in the book - if making excuses; please be
original. Do note that if you are still spamming or hosting spammers - it's probably best not to post
any messages at all, it serves no purpose. Be aware that posting ones email address to any publicly
viewable forum or website makes it instantly available to
spammers. If you're concerned about getting spammed, change
or "mung" the email address you use to post with.
|
|
Q44: I'd love to use SPEWS and other advisory systems to reduce my spam, but I just can't take the
chance that a non-spam email for me or my company would be rejected. What can I do?
|
|
A44: Instead of rejecting the message, most email systems can also be set up to
tag it as possible spam.
These tags are placed in the message header and can then be dealt with using your email client
software. A common technique is to put them into a "junk folder." Then, when you have time, you
can scan through these messages to see in any were of value. Email processing systems like
Procmail,
SpamBouncer and
SpamAssassin can be used to implement this. A common
practice is to bounce based on the SPEWS Level 1 list, and tag based on the SPEWS Level 2 list.
|
|
Q45: What other major spam advisory lists and blocking systems are there? What are your opinions of them?
|
A45: There are quite a few other advisory lists and blocking systems available. A
sampling of them, mostly DNSBL type, and an opinion follow. There is also a weekly comparison
published and viewable online, and a less detailed daily comparison
posted by tu-berlin.de to the Usenet.
|
|
MAPS RBL: Great for putting pressure on an ISP but too
slow to be highly effective, their strict rules makes it very difficult to even list some of the
worst spammers. Too much manual work involved dealing with the public and the spammers ("MAPS
is not about stopping spam. MAPS is about stopping spammers" - Dave Rand).
They also seem more concerned about educating mainsleazers
than stopping actual hardcore spammers. That's where using SPEWS comes in. [Fee and/or contract
needed]
|
|
MAPS RSS: Nice when it worked. ORBS-type lists are
better, you should not have to actually get proof of spam through a relay before blocking it. Due
to abuse by spammers, open email relays no longer have any place on the Internet. Some may want to
debate this, we won't. [Fee and/or contract needed]
|
|
MAPS DUL: Becoming pointless as time passes, most
spammers are not using "direct-to-MX" spamming anymore, ISP port 25 filters take care of this.
MAPS should be commended for their efforts to get the major dial-up providers to implement port 25
filters. This one action alone has caused spammers the most grief. [Fee and/or contract needed]
|
|
MAPS NML: A lawyer approved version of the RBL; the
"Non-confirming Mailing List" database is a list of mailservers belonging to places that do not
run fully verified opt-in lists. Not enough
information as to its effectiveness yet, but if it does what it says, it should keep the
mainsleazers at bay. [Fee and/or
contract needed]
|
|
ORBS: Great for blocking open relay spam but there can be
inadvertent blocking. Good for educating people to close their abuse prone relays. ORBS has several
lists one can use or not use, read about each one and decide for yourself. [Note: ORBS is no longer
functional - many "sons of ORBS" type DNSBLs have taken its place and share its good qualities]
|
|
Osirusoft: A nice multi-zoned blocklist that allows users
to select the level of blocking they wish to implement. Very effective.
|
|
ORBL: A pure open-relay-only blocklist that will list any and all
machines that allow open email relaying - strict but very effective. [Note: ORBL is no longer
functional - Oct/01]
|
|
ORDB: A pure open-relay-only blocklist based in Denmark that will
list most machines that allow open email relaying. Very effective.
|
|
RSL: A pure open-relay-only blocklist, it lists open relays
only after receiving spam from those relays. [Note: RSL is no longer functional - Dec/02]
|
|
DSBL: A multi-zoned open relay/proxy/formmail blocklist that will
list all machines that allow open email relaying - flexible & effective.
|
|
Dorkslayers: Lists open foreign mailservers, not a large
quantity, but will catch some. They recommend you do not use their system ;-)!
|
|
SpamCop: Great way for newbies to complain about spam!
Their statistics are great for figuring out where
the real spam problems are. [Fee and/or contract needed]
|
|
SpamCop BL: In 2001 SpamCop added their own dynamic,
real-time DNSBL, free to use and quite flexible as it puts "scoring" into the returned lookup
value. Due to problems automating this type of system, to use it to bounce mail on a larger ISP
would not be recommended. For personal use, or if used to tag messages as possible spam, it is
recommended, the system does work very well.
|
|
Spamhaus SBL: The Spamhaus Project operates a very good
blocklist advisory system that contains current spamming areas of the Internet, spamware
vendors, and known spamming operations contained in their ROKSO database. Very effective.
|
|
Brightmail: Only filters spam in progress can't be used to
block IP ranges. Somewhat pointless in the grand scheme of things as it does not put pressure on
spammers to shut down. Does stop many known virus attacks. No longer free: From the
Brightmail website, ["NOTICE: Free Brightmail was shut down June 1 2001."]
|
|
SpamBouncer: It takes a bit of work to set up, but will
allow people who don't have access to DNS level mail filtering directly to still use the system.
It can be used to query blocklists and it does query DNSBL's that include the SPEWS list.
Effective and very flexible. [It is Procmail
based]
|
|
SpamAssassin: It takes a bit of work to set up, but is
very powerful and uses an assortment of rule based
techniques to determine which emails are spam and which are not. It can query blocklists that
include the SPEWS list. Very effective and very flexible. [It is Perl based]
|
|
Easynet Spamblock: Easynet (was Wirehub)
operates a very nice multi-zoned blocklist advisory system that contains current spamming areas of
the Internet and includes very large list of "dialup" addresses. Effective and available in
different formats.
|
|
Monkeys.Com Unsecured Proxies List: Monkeys.Com operates
a very complete blocklist advisory system that contains verified open proxies, the current favorite
spamming exploit. Very effective.
|
|
SORBS: A multi-zoned open relay/proxy/spampipe blocklist that will
list all machines that allow open email relaying or originate spam - flexible & effective.
|
|
Q46: Okay, I've looked into the SPEWS list - It doesn't list anywhere near enough of the junk emailers out
there! I want to block more - how?
|
|
A46: Many other people and companies publish lists of their
opinion as to who, where and what should be blocked if you feel you need more. Try them if you
need more.
|
|
Q47: I have a question that was not answered above, how do I get an answer?
|
|
A47: As mentioned, SPEWS issues and further questions can be discussed in the
forums mentioned above. The newsgroup news.admin.net-abuse.email
(NANAE) is a good choice.
|
|
Q48: Why is this FAQ so darn long?!
|
|
A48: Sorry, no answer to that one.
|
|
Menu
