[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: possible spam compromise - advice please

To: tor-relays@xxxxxxxxxxxxxx
Subject: Re: possible spam compromise - advice please
From: mick <mbm@xxxxxxxxxx>
Date: Fri, 18 Feb 2011 16:03:09 +0000
Delivered-to: archiver@xxxxxxxx
Delivered-to: tor-relays-outgoing@xxxxxxxx
Delivered-to: tor-relays@xxxxxxxxxxxxxx
Delivery-date: Fri, 18 Feb 2011 11:03:19 -0500
In-reply-to: <20110218135709.GB3396@xxxxxxxxxxxxxx>
References: <20110218132707.112feda7@xxxxxxxxxxxxxxx> <20110218135709.GB3396@xxxxxxxxxxxxxx>
Reply-to: tor-relays@xxxxxxxxxxxxxx
Sender: owner-tor-relays@xxxxxxxxxxxxxx

On Fri, 18 Feb 2011 08:57:09 -0500
Roger Dingledine <arma@xxxxxxx> allegedly wrote:


> A lot of spam blacklists don't actually work by receiving spam mail
> via smtp. Instead they look for a wide variety of activity that they
> think is related to a compromised computer, and then assume that
> computer will soon be sending spam mail as well. Unfortunately, that
> approach makes the wrong decision for Tor exit relays.
> 
> You might ask your provider for a copy of the complaint, to get more
> hints? Maybe somebody is scribbling on some web forum through your
> relay, and spamcop is jumping to conclusions. I would avoid "saying
> categorically that tor usage cannot be responsible" -- first you
> should try to figure out what the complaint (and evidence) actually
> is, and then you can help your ISP understand what's going on.

Roger (and Christian too)

Thanks for the quick response and useful tips.

I asked my ISP for a copy of the report and they sent me the sample
"spam" they got from spamcop. It contained this:

"X-Originating-IP: [195.234.10.45]"

and the rest of the email headers made it obvious that the mail went
through a "freemail" service. 

So spamcop are being dumb and blaming my exit node based on a header
added by a web mail system.

I've sent an explanatory email to my provider and I'm waiting to see
what they want me to do. If I have to close that node, I'll go
somewhere else (I've just bought another VM anyway....)

> Also check out http://paulgraham.com/spamhausblacklist.html if you
> want to get more angry at the overall approach of spam blacklists --
> pretty much all of them follow this pattern. :( Their tactics can get
> pretty ugly. One of the future steps in the arms race could even be
> listing your neighbors as spammers, even if they're perfectly
> innocent, to force the neighbors to force you to stop your behavior.

Yep - seen that. I agree.

Cheers

Mick 




---------------------------------------------------------------------

The text file for RFC 854 contains exactly 854 lines. 
Do you think there is any cosmic significance in this?

Douglas E Comer - Internetworking with TCP/IP Volume 1

http://www.ietf.org/rfc/rfc854.txt
---------------------------------------------------------------------

Attachment: signature.asc
Description: PGP signature

Follow-Ups:
- Re: possible spam compromise - advice please - UPDATE
  - From: mick
- Re: possible spam compromise - advice please
  - From: Moritz Bartl

References:
- possible spam compromise - advice please
  - From: mick
- Re: possible spam compromise - advice please
  - From: Roger Dingledine

Prev by Author: possible spam compromise - advice please
Next by Author: Re: possible spam compromise - advice please
Previous by thread: Re: possible spam compromise - advice please
Next by thread: Re: possible spam compromise - advice please
Index(es):
- Author
- Thread