Wednesday, November 15, 2006
Wanadoo don' wanna do nuffin
Spam comes from every nation where there's Internet access. That's because every nation with phone service has criminally negligient Internet service providers (ISPs). Most spam comes from big ISPs whose main business is phone or cable TV service.
One of the biggest spam sources is France Telecom, also known as Wanadoo. Or Wanna-doodoo. The servers I run have been blocking email from Wanadoo's customers' bot-infested MSFT PCs for years.
Eventually we got so much phish spam through Wanadoo's outbound relays (the servers ISPs provide for their customers to send email through) that I blocked those too. Unlike most spammers, phishers make no pretense of being "legitimate businessmen." They prefer to send through servers that normally send legitimate email, because they get better delivery rates than consumer-owned bot-boxes get. They buy web-hosting accounts with stolen credit cards, or they just break in.
Didn't get away with that for long. With thousands of users (email aliases and Mailman lists) we quickly hear about the collateral damage. I had to let the mail from Wanadoo's outbound relays through, phishes and all.
But I'm not the only email admin fed up with Wannadoodoo. That particular outbound relay, smtp3.wanadoo.fr, is listed in the public block lists NOMOREFUNN, SORBS-SPAM, SPAMCANNIBAL, and TQM-SPAMTRAP. And those are just the DNSBLs they check at Dnsstuff.com. Those four are lists of IP addresses that have sent spam to the owners' traps. That policy is too aggressive for typical ISPs' customers, as you can see from our experience, but schools and corporate campuses may use them. Wanadoo users are going to have problems sending email to a lot of places. Paul Vixie calls this kind of shunning an intentional outage and it's getting to be standard defensive practice. If you depend on email to do real work, choose your ISP carefully. A consumer-oriented ISP like Verizon or Comcast or Yahoo or Wanadoo is going to give you problems.
One of the biggest spam sources is France Telecom, also known as Wanadoo. Or Wanna-doodoo. The servers I run have been blocking email from Wanadoo's customers' bot-infested MSFT PCs for years.
Eventually we got so much phish spam through Wanadoo's outbound relays (the servers ISPs provide for their customers to send email through) that I blocked those too. Unlike most spammers, phishers make no pretense of being "legitimate businessmen." They prefer to send through servers that normally send legitimate email, because they get better delivery rates than consumer-owned bot-boxes get. They buy web-hosting accounts with stolen credit cards, or they just break in.
Didn't get away with that for long. With thousands of users (email aliases and Mailman lists) we quickly hear about the collateral damage. I had to let the mail from Wanadoo's outbound relays through, phishes and all.
But I'm not the only email admin fed up with Wannadoodoo. That particular outbound relay, smtp3.wanadoo.fr, is listed in the public block lists NOMOREFUNN, SORBS-SPAM, SPAMCANNIBAL, and TQM-SPAMTRAP. And those are just the DNSBLs they check at Dnsstuff.com. Those four are lists of IP addresses that have sent spam to the owners' traps. That policy is too aggressive for typical ISPs' customers, as you can see from our experience, but schools and corporate campuses may use them. Wanadoo users are going to have problems sending email to a lot of places. Paul Vixie calls this kind of shunning an intentional outage and it's getting to be standard defensive practice. If you depend on email to do real work, choose your ISP carefully. A consumer-oriented ISP like Verizon or Comcast or Yahoo or Wanadoo is going to give you problems.
