Spam Prevention Early Warning System

From Wikipedia, the free encyclopedia

The Spam Prevention Early Warning System (SPEWS) is an anonymous service which maintains a list of IP address ranges belonging to Internet service providers (ISPs) which host spammers and show little action to prevent their abuse of other network's resources. It can be used by Internet sites as a source of information about the senders of unsolicited bulk email, better known as spam.

Contents 1 Overview 2 Process 2.1 Criteria for listing 2.2 Listing data or evidence files 3 Criticism of SPEWS 3.1 Contacting SPEWS 3.2 Criticism 3.3 Counter argument 4 Delisting 5 External links 5.1 FAQ links

[edit] Overview

SPEWS itself publishes a large text file containing its listings, and operates a database where users may query the reasons for a listing. Users of SPEWS can reprocess these data into formats usable by software for anti-spam techniques (e-mail).

For instance, many mail sites used a DNSBL based on SPEWS data, operated at spews.relays.osirusoft.com. This DNSBL was shut down on August 27, 2003 after several weeks of denial of service attacks. A number of other DNSBLs exist based on the SPEWS data, which remain accessible to the public.

There is a certain degree of controversy regarding SPEWS' anonymity and its methods. By remaining anonymous, SPEWS avoids harassment and lawsuits of the sort which have hampered other anti-spam services such as the MAPS RBL and ORBS.

Some ISP clients whose providers are listed on SPEWS take umbrage that their own IP addresses are associated with spamming, and that their mail may be blocked by users of the SPEWS data. This becomes particularly aggravating when SPEWS blocks legitimate email that may be important. For example, a customer of Shaw Communications discovers his email bouncing back with an error message regarding a SPEWS listing, and that he must contact his own ISP for resolution. However, Shaw Communications, seen by SPEWS as a source of spam, throws the problem back onto their own subscriber, advising him to contact SPEWS. The customer is then caught in an unresolvable Catch-22 situation, increasing his aggravation.

The SPEWS database has not been updated since 24 August 2006.^{[citation needed]}

[edit] Process

The precise process by which SPEWS gathers data about spam sources is unknown to the public, and it is likely that its operators use multiple techniques.

SPEWS seems to collect some information from honeypots—mail servers or single email addresses to which no legitimate mail is received. These may be dummy addresses which have never sent any email (and therefore could not have requested to be subscribed to any legitimate mailing list). They may also be placed as bait in the header of a Usenet post or on a Web page, where a spammer might discover them and choose to spam them.

The SPEWS Web site makes clear that when spam is received, the operators file a complaint with the ISP or other site responsible for the spam source. Only if the spam continues after this complaint is the source listed. However, SPEWS is anonymous—when these complaints are sent, they are not marked as being from SPEWS, and the site is not told that ignoring the complaint will result in a listing. This has the effect of determining the ISP's response to a normal user's spam complaint, and also discourages listwashing—continuing to spam, but with the complaining address removed from the target list.

If the spam does not stop over time, SPEWS increases the size of the address range listed through a process referred to as "escalation". This process is repeated, conceivably until the entire netblock owned by the offending service provider is listed or the block is large enough that the service provider is encouraged to take action by the complaints of its paying customers.

[edit] Criteria for listing

SPEWS criteria is based on "spam support"; That means that when a network operation provides any services to the identified spammers, the resources involved are listed. For instance, part of an ISP's network may be listed in SPEWS for providing DNS service to a domain mentioned in a piece of e-mail spam, even if the messages weren't sent from said provider's mail servers.

[edit] Listing data or evidence files

IP addresses listed in SPEWS are mentioned in "evidence files". Those are plain text files which upon inspection appear edited by hand, where those IP addresses along with the technical evidence backing the listing, is depicted. The contents of those evidence files may seem rather cryptic to readers who are not intimately familiar with the technical jargon of the Internet.

[edit] Criticism of SPEWS

No one knows how many service providers use the SPEWS list to reject mail.

[edit] Contacting SPEWS

One common criticism is that there is no way to contact SPEWS. According to the SPEWS FAQ: "Q41: How does one contact SPEWS? A41: One does not..." Having no way to contact SPEWS is seen as a way for SPEWS to avoid having to deal with complaints--even if they are legitimate--and to be immune from many consequences of mistakes, bad policies, or other problems.

[edit] Criticism

SPEWS critics (often those who use IPs listed in SPEWS) claim it blocks sites and does so for reasons they consider unfair. Critics argue that an ordinary customer of an ISP should not be held responsible for the actions of other customers of that ISP.

[edit] Counter argument

Supporters (often those who use SPEWS) respond that SPEWS is a list of ISPs with spam problems. It is the ISP that's listed, not the customers. This is often argued with an analogy of pizza delivery companies who will not deliver to high crime areas. It's a bad situation for someone "stuck" in a bad area, but supporters argue that this also provides encouragement for a good citizen to unstick themselves and move to an ISP without a spam problem. The bad ISP loses revenue and the good ISP gets more customers, further encouraging bad ISPs to clean up.

Supporters of SPEWS often point to the claim that SPEWS "blocks" email from sites as a misconception. A SPEWS listing only causes mail to be refused if the recipient of the email (or their ISP) chooses to block based on the SPEWS IP list.

This counter argument has been criticized on the grounds that SPEWS is spreading information in a way conducive for blocking and in the knowledge that people are using it to block. According to this criticism, SPEWS should then be considered partly responsible for any blocking that happens and can be legitimately blamed if the blocking is inappropriate. In this view, the claims that lists such as SPEWS are advisory and that SPEWS itself does not block are seen as attempts to evade responsibility for SPEWS's own actions.

[edit] Delisting

According to the SPEWS FAQ, listings are removed when the spam or spam-support has stopped. Just as they do not solicit nominations for listings, the SPEWS operators do not solicit requests for delistings. There is no contact information published on the SPEWS Web site. There is no spews.org mail server, and the operators of SPEWS do not receive email under the SPEWS name.

It is believed that the operators read certain Usenet newsgroups related to spam and email abuse. However, no poster has claimed to be a SPEWS operator and no regular of the newsgroups claims to know their identity. By the accounts of many of those regulars, SPEWS can detect automatically when such support stops, but this is not supported by any information in the SPEWS FAQ.

[edit] External links

• http://www.spews.org/

[edit] FAQ links

• First Post To NANAE Newsgroup
• Address munging FAQ
• List of terms found in NANAE
• Dave the Resurrector FAQ
  (Sometimes posts mysteriously disappear from NANAE. The program Dave the Resurrector usually recovers these posts.)