[71721] in North American Network Operators' Group
Re: Attn MCI/UUNet - Massive abuse from your network
daemon@ATHENA.MIT.EDU (Ben Browning)
Mon Jun 21 19:14:52 2004
Date: Mon, 21 Jun 2004 16:09:47 -0700
To: "Christopher L. Morrow" <christopher.morrow@mci.com>
From: Ben Browning <benb@theriver.com>
Cc: nanog@merit.edu
In-Reply-To: <Pine.GSO.4.58.0406211925480.521@sharpie.argfrp.us.uu.net>
Errors-To: owner-nanog-outgoing@merit.edu
At 12:28 PM 6/21/2004, Christopher L. Morrow wrote:
>the ethics office doesn't need to see your complaints, they don't really
>deal with these anyway.
I am quite sure that the ethics department does not deal with spam
complaints. My complaint is that your stated policy is clearly not being
followed. MCI is currently the Number 1 spam source on many lists-
certainly, your overall size skews that figure somewhat, but the listings I
see (on the SBL anyway, I do not have the many hours needed to read all the
documentation SPEWS has to offer) have reports that are at least 6 months
old and are still alive...
As an example, I see a posting that says emailtools.com was alive on
206.67.63.41 in 2000. They aren't there any more... But now:
[me@host]$ telnet mail.emailtools.com 25
Trying 65.210.168.34...
Connected to mail.emailtools.com.
Escape character is '^]'.
220 mail.emailtools.com ESMTP Merak 5.1.5; Mon, 21 Jun 2004 18:55:20 -0400
quit
221 2.0.0 mail.emailtools.com closing connection
Connection closed by foreign host.
[me@host]$ whois `dnsip mail.emailtools.com`
UUNET Technologies, Inc. UUNET65 (NET-65-192-0-0-1)
65.192.0.0 - 65.223.255.255
MTI SOFTWARE UU-65-210-168-32-D9 (NET-65-210-168-32-1)
65.210.168.32 - 65.210.168.39
I can furnish as many examples as needed of cases where UUNet has
demonstrably ignored complaints. Alternately, you could go ask any major
anti-spam community(NANAE for example) or entity (SpamCop, etc) how they
feel your abuse@ response has been. If this sounds like a pain, I will
gladly collect such stories and send them to whoever there can effect
changes in these policies.
>On Mon, 21 Jun 2004, Ben Browning wrote:
>
> > At 11:42 AM 6/21/2004, Christopher L. Morrow wrote:
> > >curious, why did you not send this to the abuse@ alias?
> >
> > I wanted it to get read.
>
>messages to abuse@ do infact get read...
Allow me to rephrase- I wanted it to be read and hoped someone would act on
complaints. I have no doubt MCI is serious about stopping DDOS and other
abusive traffic of that ilk- when it comes to proxy hijacking and spamming,
though, abuse@ turns a blind eye. What other conclusion can I draw from the
200ish SBL entries under MCI's name? Why else would emailtools.com(for
example) still be around despite their wholesale raping of misconfigured
proxies?
All I want is a couple of straight-up answers. Why do complaints to uunet
go unanswered and the abusers remain connected if, in fact, the complaints
are read? Why has MCI gone from 111 SBL listings as of January 1 to 190 as
of today? To whom does the anti-spam community turn when it becomes obvious
a tier-1 provider is ignoring complaints?
If I am a kook and an idiot for wanting a cleaner internet, well then I
guess I am a kook and an idiot.
~Ben
---
Ben Browning <benb@theriver.com>
The River Internet Access Co.
WA Operations Manager
1-877-88-RIVER http://www.theriver.com
