Blacklisted - removal?

Vernon Schryver vjs@calcite.rhyolite.com
Mon Feb 27 00:44:32 UTC 2006


> From: Michael Bordignon <michael@infometrics.co.nz>

> It appears the ISP I use (www.iconz.net - 210.48.0.0/17) is blacklisted 
> from the public DCC servers. Who should I contact about attempting to be 
> removed from the blacklist?

Did you read the blacklist?
http://www.rhyolite.com/anti-spam/dcc/client-blacklist
I intended the comments there as a hint for people in your situation
to contact your ISP or the organization from which your ISP purchased
anti-spam hardware or software.  That hardware or software causes the
DCC servers to whine and complain in their system logs about bogus DCC
requests.  I suspect that vendor is Barracudanetworks but that is more
likely Fortinet.com and that it is taking the resources of the public
DCC servers including CPU cycles, network bandwidth, and especially
human system administration time.  That has never been kosher.  It
should instead pay the costs to run its own DCC servers from money
collected from its customers.

http://www.fortinet.com/news/pr/2005/pr121305.html
now says

]FortiMail 2.2 firmware adds the following to FortiMail systems:
]
]    * Enhanced Spam Detection: Includes the following email content
]     inspection features that bring antispam detection accuracy up
]     to 97 percent.
]	  o Checksum Blocklist: Integrates with Fortinet's FortiGuard
]	   Antispam Service, which inspects all content within an
]	   email, including attachments and graphics, and applies a
]	   checksum against the content to determine whether it is spam.
]	  o Greylist: Checks "reply to," "from" and "IP" headers
]	   for new email senders that FortiMail does not recognize
]	   and delays response to suspicious email servers to determine
]	   the legitimacy of the sender.
]	  o Heuristics: Includes more than 600 rules that are indexed
]	   by a heuristics filter to inspect and score all parts of
]	   an email for spam characteristics.
]	  o Spam URI Real-time Blocklist: Monitors Universal Resource
]	   Identifiers (URIs) that are embedded in emails as another
]	   content-based technique to detect spam.

There are several ways to get those features, but only one I know
involves streams of mostly valid but some malformed DCC/UDP/IP packets
sent to the public DCC servers.

The bogus DCC packets from what I know are Barracudanetworks customers
have stopped.  I only occassionaly see them Barracudanetworks' own
networks.  Soon after I first saw bad packets from fortinet.com/APSECURE.com,
saw them from other networks.  Your network was the most recent, but
Asnet Limited I think near you was one of the first.

It is bad to take and sell the labor of the public server operators,
but also to cause grief and bring attention with perverted versions
of the code?

As far as I know, I've never heard from fortinet.com, chti.com.tw,
APSECURE.com, asianproducts.com, or APSYS.NET.  If I had I would have
suggested they talk to Commtouch about a commercial license.  The free
license for the DCC source for the last year does not cover organizations
selling it in anti-spam appliances.


Vernon Schryver    vjs@rhyolite.com



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.