Loading ...
Sorry, an error occurred while loading the content.
 

Re: [hackers-il] Major Israeli ISPs are in a spam blacklist

Expand Messages
  • Nadav Har'El
    ... I hope that they are at least not blocking these domains by checking the email address, but rather checking the reverse name resolution of the IP address
    Message 1 of 3 , Aug 31, 2002
      On Sat, Aug 31, 2002, Omer Zak wrote about "[hackers-il] Major Israeli ISPs are in a spam blacklist":
      >...
      > now employ a draconian E-mail filtering system.
      >
      > I had a look at their list of blocked domains
      > (at URL http://www.roestock.demon.co.uk/emailfilter/domain.txt), and to my
      >...

      I hope that they are at least not blocking these domains by checking the
      email address, but rather checking the reverse name resolution of the IP
      address sending the message. Checking the email address on the "From: "
      or "From " is a worthless practice which rarely catches any spam, and only
      catches legitimate mail (I'm reminded of the day when a system administrator
      I know blocked all mail carrying "@..." addresses - users were pretty
      pissed off!).

      > horror I found that several Israeli ISPs and even some very reputable
      > institutions are on it. The full domain.txt lists 4613 domains. Out of
      > them, there are 33 domains ending with '.il'.

      Many of the "reputable institutions" you list indeed had open relays at
      one time of another, and I did get spam from some of them - both Israeli
      specific spam, and plain-old-international-spam.

      Most of these don't seem to be taking any significant measures against the
      spammers; Some Israeli ISPs have been (ab)used by the same spammer for months,
      using exactly the same MO, and yet they refuse to do anything about it (and
      they always come up with responses to abuse@ email that is probably designed
      to frustrate the complainer).

      Anyway, I wonder how fresh this list is... Putting, say, rafael.co.il on a
      blacklist forever because it was an open relay for a brief period two years
      ago doesn't make much sense. All good blacklists have retesting, or at least
      old entries get deleted automatically. I doubt this guy's blacklist is any
      good by these standards.

      > This was a shock for me, as I had no idea that Israeli ISPs (with the
      > exception of Actcom) do so bad job fighting spam originating from their
      > domains.

      Israeli ISPs turn up on various blacklists so often that I added some of their
      servers to my own whitelist which overrides any other blacklist:

      # Netvision.net.il
      "194.90.1.11", "194.90.9.24",
      # Inter.net.il
      #"192.116.202.83","192.116.202.84",
      # Tau
      #"132.66.16.11",
      # Barak
      #"206.49.94.213",
      # Radware
      #"209.218.228.189",
      # Actcom
      #"192.114.47.13",
      # Rafael
      #"194.90.39.97",
      # bezeqint
      "192.115.106.45", "192.115.106.47",

      (commented out entries were once in blacklists, but now are not in any
      major blacklist any more because they ceased being open relays).

      Other Israeli servers and dialup/ADSL ranges in Israel ended up on my
      personal blacklist, because the Israeli ISPs are doing absolutely nothing
      to eradicate this problem, and the International blacklists don't seem
      to care much about intra-Israeli spam.


      --
      Nadav Har'El | Saturday, Aug 31 2002, 23 Elul 5762
      nyh@... |-----------------------------------------
      Phone: +972-53-245868, ICQ 13349191 |"[I'm] so full of action, my name should
      http://nadav.harel.org.il |be a verb" -- Big Daddy Kane ("Raw", 1987)
    • Arik Baratz
      ... I have been aware of this for a while, and furthermore I have complained multiple times to Barak for allowing spam on cyclone.barak.net.il, without any
      Message 2 of 3 , Sep 1, 2002
        > This was a shock for me, as I had no idea that Israeli ISPs (with the
        > exception of Actcom) do so bad job fighting spam originating
        > from their
        > domains.

        I have been aware of this for a while, and furthermore I have complained multiple times to Barak for allowing spam on cyclone.barak.net.il, without any reply to my queries.

        I'm glad they are on a list. Their users need to make the right choices of ISP, and I hope this will help.

        That'll show them.

        > cyclone.barak.net.il

        That's the one used by SAKAL

        -- Arik
        **********************************************************************
        This email and attachments have been scanned for recognized contextual characteristics by PortAuthority Server to SafeGuard privileged or sensitive information. Vidius, Inc. We value information.
      Your message has been successfully submitted and would be delivered to recipients shortly.