Discussion:
UCEPROTECT, APEWS and the truth about Marc Perkel
(too old to reply)
Johann Steigenberger
2007-04-23 23:33:54 UTC
Permalink
Hi all,
sorry to bug you with this thread, but we want to give you a statement
after all those lies we have seen here by Marc Perkel here after he
has started the thread: Who is APEWS?

1. UCEPROTECT is not related to APEWS.
We just mirror their blacklist, as TQMCUBE and SORBS do too.
We do not import their data into our zones.
But it seems Marc Perkel is related to Moris :-) because both are
claiming the same lies.

2. UCEPROTECT lists for SAV because it is abusive.
Yes we had also listed Verizon for about 1 year for permanently hitting
our spamtraps with their SAV.
Then they stopped SAV and got delisted.
And it is a pure lie that we charge users for removals.
IP's listed are expiring 7 days after the Abuse was stopped, free of charge.
There is an option only to pay for an expedited immediate removal.

3. SAV is a bad idea. It is not an Exim invention.
It is an invention made by spammers, long before Exim had that "feature".
Spammers are using the same technique for dictionary attacks.

What Lusers as Marc Perkel do not understand is, that if there is a Spammer
faking to be ***@yourdomain.tld (assuming that would be your address) and he
would
send out 15 Millions of spammail with that forged from, you will get about 1
Million
"Verification Requests" from Systems around the globe, where each of them is
just doing ONE try to "Verify" ***@yourdomain.tld is deliverable.

That results in a very high load on your server, and delays for your regular
mails,
because all of your sockets are busy with lamerz just "veryifiing" your
address.

It is not the problem that you do it, the problem is that some million
others are too.
Millions of Systems connecting to one target at nearly the same time are
the problem. That leads to a DDOS. And you are part of it ...

And last not least:
RFC 821 knows a command "VRFY" to do that test.
Most Administrators have chosen to disable this, because Spammers were
abusing it.
Anyone trying to circumvent a restriction on a remote system is an Abuser.
So faking to be a null sender and going up to RCPT TO means you are an
Abuser.
That is what Exim's SAV does.

4. Marc Perkel tries to discredit UCEPROTECT since a long time now.
What you might find interesting is, that Marc has started a blacklist
himself,
he calls this "HOSTKARMA", where he lists IP's which have never done any
Abuse or Spammings.
Just goto DNSSTUFF and test 194.95.224.137 if you do not trust me.
This IP is listed just because we list Marc for his abusive SAV :-)

Ok it does not matter to us, because no one is using Marc's fraudulent
Hostkarma".
But it should be an indicator for his bad trustworthy.

Whatever happend to Marc, there are always the others resonsible for that
:-)
He never got the Idea that he could be the problem.

If you ever have been on Marcs Website and have seen who he thinks "sucks",
then you might get an idea of who really sucks: Mr. Escrow Service Himself:
Marc Perkel.

Thank you for your time.

Johann Steigenberger
UCEPROTECT-Network
--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
Marc Perkel
2007-04-24 00:13:52 UTC
Permalink
Post by Johann Steigenberger
2. UCEPROTECT lists for SAV because it is abusive.
Yep - that's what I've been trying to tell people and he just admitted.
If you use the Sender Address Verification features of Exim then
UCEProtect will blacklist you as a spammer. So he admits what I've been
warning you about.

This raises a bigger question. Should people who advertise blacklists
that are supposed to block spammer be used for other reasons other than
blocking spammers? As everyone knows including Johann I run a spam
filtering business. So if you are running a blacklist and you know you
are blacklisting the IP addresses of your competitors knowing they
aren't spammers, what does that say about you.

UCEProtect also charges money to remove false positive from it's list.

They also deliberately listed all my servers including dummy IP MX
records I use that have never had a computer on them. So if he's going
to list me manually on his black lists then he has no standing to
complain when someone does the same to him.

Mr. Johann Steigenberger is little more than a bully who is using his
blacklist to bully Exim users so that you won't use SAV. Some people
back down from bullies and some don't. Generally I might ignore his
message but his blacklist affects all of us and as he has said, if he
doesn't like the way you filter spam his going to list you on his blacklist.

I also believe that APEWS is just a stealth copy of his own lists as
they the exactly the same positions on listing Exim users who use SAV. I
recognize the same arrogance in their policies. The are also some
strange secret society and as with UCEProtect, if you are wrongly listed
you can't get removed.

Ultimately when people who add spam filtering services to their block
list as spammers then the spammers win. And if we give into bully
tactics then the bullies win. SAV is very effective in blocking spam
especially the way Exim implements it and it is up to us to choose to
use it if we want and not up to Mr. Steigenberger to make that decision
for you.


Marc Perkel
Junk Email Filter dot com
--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
Dave Lugo
2007-04-24 00:56:37 UTC
Permalink
Please take this elsewhere. The exim list isn't the
place for it.
Date: Mon, 23 Apr 2007 17:13:52 -0700
Subject: Re: [exim] UCEPROTECT, APEWS and the truth about Marc Perkel
Post by Johann Steigenberger
2. UCEPROTECT lists for SAV because it is abusive.
Yep - that's what I've been trying to tell people and he just admitted.
If you use the Sender Address Verification features of Exim then
UCEProtect will blacklist you as a spammer. So he admits what I've been
warning you about.
This raises a bigger question. Should people who advertise blacklists
that are supposed to block spammer be used for other reasons other than
blocking spammers? As everyone knows including Johann I run a spam
filtering business. So if you are running a blacklist and you know you
are blacklisting the IP addresses of your competitors knowing they
aren't spammers, what does that say about you.
UCEProtect also charges money to remove false positive from it's list.
They also deliberately listed all my servers including dummy IP MX
records I use that have never had a computer on them. So if he's going
to list me manually on his black lists then he has no standing to
complain when someone does the same to him.
Mr. Johann Steigenberger is little more than a bully who is using his
blacklist to bully Exim users so that you won't use SAV. Some people
back down from bullies and some don't. Generally I might ignore his
message but his blacklist affects all of us and as he has said, if he
doesn't like the way you filter spam his going to list you on his blacklist.
I also believe that APEWS is just a stealth copy of his own lists as
they the exactly the same positions on listing Exim users who use SAV. I
recognize the same arrogance in their policies. The are also some
strange secret society and as with UCEProtect, if you are wrongly listed
you can't get removed.
Ultimately when people who add spam filtering services to their block
list as spammers then the spammers win. And if we give into bully
tactics then the bullies win. SAV is very effective in blocking spam
especially the way Exim implements it and it is up to us to choose to
use it if we want and not up to Mr. Steigenberger to make that decision
for you.
Marc Perkel
Junk Email Filter dot com
--
--------------------------------------------------------
Dave Lugo ***@etherboy.com LC Unit #260 TINLC
Have you hugged your firewall today? No spam, thanks.
--------------------------------------------------------
Are you the police? . . . . No ma'am, we're sysadmins.
--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
Johann Steigenberger
2007-04-24 01:02:36 UTC
Permalink
Post by Marc Perkel
If you use the Sender Address Verification features of Exim then
UCEProtect will blacklist you as a spammer. So he admits what I've been
warning you about.
This has nothing to do with Exim.
If you do SAV you are an Abuser.
If you hit an UCEPROTECT-Trap out there with an SAV you got listed.
No matter who or what you are or what you are using.
Post by Marc Perkel
As everyone knows including Johann I run a spam filtering business.
This does not matter, as long as you are abusing other systems.
Post by Marc Perkel
So if you are running a blacklist and you know you
are blacklisting the IP addresses of your competitors knowing they
aren't spammers, what does that say about you.
You are not in the position to be a competitor for me nor you will ever be.
The difference between us is:
If i do something wrong, i stand to my fault.
If you do something wrong, the others are guilty :-)
Post by Marc Perkel
UCEProtect also charges money to remove false positive from it's list.
That is complete nonsense.
I never had a problem to public say "sorry" if we had listed someone
accidently.
This happend exactly 2 times in the last 6 years.

You were not accidently listed.
Post by Marc Perkel
to list me manually on his black lists then he has no standing to
complain when someone does the same to him.
That is what reflects your personality:
"Oh these bad UCEPROTECT guys have listed my IP's , so lets list them too
:-)"
That leads to the question how old are you ? 3 or 4 ....
Search for a Kindergarden in your area...
Post by Marc Perkel
Generally I might ignore his message but his blacklist affects all of us
and as he has said, if he doesn't like the way you filter spam his going
to list you on his blacklist.
No it does not affect all of you.
It does affect the brianless using a "feature" because it is there, and
because they
think they can burden their "Spamfiltering" on third partys systems.
Post by Marc Perkel
I also believe that APEWS is just a stealth copy of his own lists as
they the exactly the same positions on listing Exim users who use SAV.
See: http://www.uceprotect.org/FAQS/apews.html
Post by Marc Perkel
I recognize the same arrogance in their policies. The are also some
strange secret society and as with UCEProtect, if you are wrongly listed
you can't get removed.
The same lies as Moris usually tells in nanae ....
That leads us to the question: Are you one of Moris friends?
What will happen next? Will you call me a Nazi commander as he did?

Johann Steigenberger
--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
Marc Perkel
2007-04-24 01:48:55 UTC
Permalink
You probably know that personal attacks are not permitted on this list.
So if you're going to be part of a discussion you have to play by the rules.
Post by Johann Steigenberger
Post by Marc Perkel
If you use the Sender Address Verification features of Exim then
UCEProtect will blacklist you as a spammer. So he admits what I've been
warning you about.
This has nothing to do with Exim.
If you do SAV you are an Abuser.
If you hit an UCEPROTECT-Trap out there with an SAV you got listed.
No matter who or what you are or what you are using.
Right - that's exactly what I said. If you are an Exim user and you use
the SAV feature then UCEProtect will blacklist you as a spammer.
Post by Johann Steigenberger
Post by Marc Perkel
UCEProtect also charges money to remove false positive from it's list.
That is complete nonsense.
I never had a problem to public say "sorry" if we had listed someone
accidently.
This happend exactly 2 times in the last 6 years.
Not acording to this news froup.
http://groups.google.com/group/news.admin.net-abuse.blocklisting/topics?lnk=srg&hl=en
Post by Johann Steigenberger
You were not accidently listed.
I know - I was deliberately listed.
Post by Johann Steigenberger
Post by Marc Perkel
to list me manually on his black lists then he has no standing to
complain when someone does the same to him.
"Oh these bad UCEPROTECT guys have listed my IP's , so lets list them too
:-)"
That leads to the question how old are you ? 3 or 4 ....
Search for a Kindergarden in your area...
Yep - if you know I'm a spam filtering service and you list me in your
black list knowing that then I'm going to list you in my black list for
listing me. As they say, turn about is fair play. You manually listed my
IP addresses in your block list and I manually entered your IP address
in my block list. Since you did it to me then why is it wrong for me to
do it to you?

There's some people who you can bully and some people you can't. I don't
think coming here and telling Exim users that you are going to blacklist
anyone who uses SAV or sends bounce notifications is a good idea. I
don't think Exim users are going to respond to your threats.

When you blacklist people who you know are not spammers on a spam block
list then that is dishonest and it's an attack on the innocent. You show
up here attacking not only me but you are threatening the entire Exim
community. You have stated that you will list anyone who either uses
sender address verification or sends bounce messages. So if a spammer
spoofs one of your spam traps and it creates a bounce, the bounce will
get you listed.

Consider this. I'm in the spam filtering business. Suppose someone using
a comcast account sends a spam message to someone who I filter for. The
spammer uses an email address that is in your spam trap. Here's what
happens. Comcast connects to my server and my server rejects the message
at connect because I determine it is spam. Then comcast generates a
bounce message because I refused the spam and the comcast server gets
blacklisted in your spammers list because they send a bounce message to
your trap. The Comcast has to pay you ransom to get delisted.
--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
Rick Cooper
2007-04-24 00:32:50 UTC
Permalink
-----Original Message-----
Sent: Monday, April 23, 2007 7:31 PM
Subject: [exim] UCEPROTECT, APEWS and the truth about Marc Perkel
Hi all,
sorry to bug you with this thread, but we want to give you a
statement
after all those lies we have seen here by Marc Perkel here after he
has started the thread: Who is APEWS?
[...]
3. SAV is a bad idea. It is not an Exim invention.
It is an invention made by spammers, long before Exim had
that "feature".
Spammers are using the same technique for dictionary attacks.
What Lusers as Marc Perkel do not understand is, that if
there is a Spammer
address) and he
would
send out 15 Millions of spammail with that forged from, you
will get about 1
Million
"Verification Requests" from Systems around the globe, where
each of them is
That results in a very high load on your server, and delays
for your regular
mails,
because all of your sockets are busy with lamerz just
"veryifiing" your
address.
I just had a joe-job spam incident against one of our domains and let me
tell you I would MUCH prefer a million verification attempts to the
thousands of freaking postmaster bounces that include a portion of the
original email. See, in a prefect world every server that received the email
would have checked our spf records that list every conceivable host that
does/might deliver mail for our domain(s) and hard fails everything else.
It's not a prefect world and I got thousands of bounces (why did they accept
them in the first place) and "spam returns" that end up costing FAR more
since they end up being passed on the SpamAssassin and the virus checking
routines. We don't spam check or virus test verification attempts believe it
or not. The truth is sender verification should be the last test on the list
but it is valid, or acceptable for me on BOTH sides of the connection. Until
someone decides it's time to expand the protocol, or better yet design a
system that operates like DNS but has only the purpose of validating hosts
and users, this is a better tool. If a message makes it past all our other
tests to sender validation then we do verify the sender, and I must admit we
don't catch as many forged addresses as we did two years ago, but I think if
everyone stopped SAV the problem would return at an even heavier rate as
before.
It is not the problem that you do it, the problem is that some million
others are too.
Millions of Systems connecting to one target at nearly the
same time are
the problem. That leads to a DDOS. And you are part of it ...
RFC 821 knows a command "VRFY" to do that test.
Most Administrators have chosen to disable this, because Spammers were
abusing it.
Exactly so what is left?
Anyone trying to circumvent a restriction on a remote system
is an Abuser.
So faking to be a null sender and going up to RCPT TO means you are an
Abuser.
That is what Exim's SAV does.
Again, then what is the answer? Just open the door to anything just because
they say they are ***@comcast.net? Then accept their message, check it
for spam, then viruses and thank our stars all our resources are not being
taken up by a light weight helo/mail from/rcpt to: and are instead devoted
to the virtually resource free spam and virus checking? Boy, I know I would
much prefer all the disk thrashing of the former over the terribly expensive
latter.

Rick
--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
Marc Perkel
2007-04-24 00:49:33 UTC
Permalink
Post by Rick Cooper
-----Original Message-----
Sent: Monday, April 23, 2007 7:31 PM
Subject: [exim] UCEPROTECT, APEWS and the truth about Marc Perkel
Hi all,
sorry to bug you with this thread, but we want to give you a
statement
after all those lies we have seen here by Marc Perkel here after he
has started the thread: Who is APEWS?
[...]
I just had a joe-job spam incident against one of our domains and let me
tell you I would MUCH prefer a million verification attempts to the
thousands of freaking postmaster bounces that include a portion of the
original email. See, in a prefect world every server that received the email
would have checked our spf records that list every conceivable host that
does/might deliver mail for our domain(s) and hard fails everything else.
It's not a prefect world and I got thousands of bounces (why did they accept
them in the first place) and "spam returns" that end up costing FAR more
since they end up being passed on the SpamAssassin and the virus checking
routines. We don't spam check or virus test verification attempts believe it
or not. The truth is sender verification should be the last test on the list
but it is valid, or acceptable for me on BOTH sides of the connection. Until
someone decides it's time to expand the protocol, or better yet design a
system that operates like DNS but has only the purpose of validating hosts
and users, this is a better tool. If a message makes it past all our other
tests to sender validation then we do verify the sender, and I must admit we
don't catch as many forged addresses as we did two years ago, but I think if
everyone stopped SAV the problem would return at an even heavier rate as
before.
Rick, I'm totally in agreement with you on this one. In fact I try to
keep my servers as SAV friendly as possible because I've noticed that
spammers don't spoof domains where the hosting servers are SAV friendly.
Spammers tend to pick domains that use wildcard email addresses you fail
to return good verification information because the spammer knows they
will be caught.

And - like you said, a verification connection creates far less overhead
than dealing with bounce messages. It is an effective tool to keep
spammers from making up fake email addresses.

And - I'm with you on the idea of using some kind of DNS verification to
determine if the sender is good. I'd love to hear ideas as to how to
make that happen.
--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
W B Hacker
2007-04-24 00:55:48 UTC
Permalink
Rick Cooper wrote:
*snip*
Post by Rick Cooper
I just had a joe-job spam incident against one of our domains and let me
tell you I would MUCH prefer a million verification attempts to the
thousands of freaking postmaster bounces that include a portion of the
original email. See, in a prefect world every server that received the email
would have checked our spf records that list every conceivable host that
does/might deliver mail for our domain(s) and hard fails everything else.
It's not a prefect world and I got thousands of bounces (why did they accept
them in the first place) and "spam returns" that end up costing FAR more
since they end up being passed on the SpamAssassin and the virus checking
routines. We don't spam check or virus test verification attempts believe it
or not. The truth is sender verification should be the last test on the list
but it is valid, or acceptable for me on BOTH sides of the connection. Until
someone decides it's time to expand the protocol, or better yet design a
system that operates like DNS but has only the purpose of validating hosts
and users, this is a better tool. If a message makes it past all our other
tests to sender validation then we do verify the sender, and I must admit we
don't catch as many forged addresses as we did two years ago, but I think if
everyone stopped SAV the problem would return at an even heavier rate as
before.
There are better tools to stop that.

Are you accepting alleged 'bounces'..

- with multiple recipients?

- from dynamic IP?

- that cannot be resolved at all?

- from servers that will not stand up to a brief delay?

- that try to pipeline when you do not advertise it?

- that attempt to forge their origin, or HELO as your own server?

You don't need SAV for any of those tests.....

Or blacklists. Good, bad, or indifferent.

Bill
--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
Marc Perkel
2007-04-24 01:06:15 UTC
Permalink
Actually Bill I'm not sure how DNSStuff picked up my list. It's mostly
for my use and my friends originally and although it can be used for the
blacklist part it's strongest feature is in its whitelist.

What I do is track IP addresses and count spams and hams in a MySQL
database. Once an IP has 25 entries then they make the list. If they are
99% spam then they are blacklisted. If 99% ham they are whitelisted. And
the resy are what I call yellow listed. A yellow listing meean that they
are a mixed source and the send some ham. I use this to skip all other
blacklist tests.

http://wiki.ctyme.com/index.php/Spam_DNS_Lists
--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
Johann Steigenberger
2007-04-24 01:32:18 UTC
Permalink
Post by Rick Cooper
I just had a joe-job spam incident against one of our domains and let me
tell you I would MUCH prefer a million verification attempts to the
thousands of freaking postmaster bounces that include a portion of the
original email. See, in a prefect world every server that received the email
would have checked our spf records that list every conceivable host that
does/might deliver mail for our domain(s) and hard fails everything else.
There is NO excusion for a system to backscatter.
Those get listed at UCEPROTECT too ...
Post by Rick Cooper
It's not a prefect world and I got thousands of bounces (why did they accept
them in the first place) and "spam returns" that end up costing FAR more
since they end up being passed on the SpamAssassin and the virus checking
routines.
Who told you that nonsense, that you have to accept mail to spamtraps?
If someone hits a spamtrap you definitiveley know that it can not be a real
mail.
So why accept it ?
You can simply reject everyone hitting one of your spamtraps at envelop
level after rcpt to...
Post by Rick Cooper
Post by Johann Steigenberger
RFC 821 knows a command "VRFY" to do that test.
Most Administrators have chosen to disable this, because Spammers were
abusing it.
Exactly so what is left?
What will be left if all Users out there will break RFC821 and stop
accepting NULL-Senders
thanks to guys like Marc and you?
Post by Rick Cooper
Anyone trying to circumvent a restriction on a remote system
is an Abuser.
So faking to be a null sender and going up to RCPT TO means you are an
Abuser.
That is what Exim's SAV does.
Again, then what is the answer? Just open the door to anything just because
they say they are ***@comcast.net?

If it goes to a nonexistant user just say 550 at the gate.

Johann Steigenberger
--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
Juha Saarinen
2007-04-24 01:45:02 UTC
Permalink
The Exim list is the wrong place for your flame fest; NANAE is in ->
that direction.
--
Juha
http://www.geekzone.co.nz/juha
--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
W B Hacker
2007-04-24 00:50:34 UTC
Permalink
Post by Johann Steigenberger
Hi all,
sorry to bug you with this thread, but we want to give you a statement
after all those lies we have seen here by Marc Perkel here after he
has started the thread: Who is APEWS?
Johann,

I'll take it on faith that you are trying to clear the air, but gasoline on a
fire few are really interested in is not really helpful...

Let's see if we can 'level' this a bit..
Post by Johann Steigenberger
1. UCEPROTECT is not related to APEWS.
We just mirror their blacklist, as TQMCUBE and SORBS do too.
We do not import their data into our zones.
But it seems Marc Perkel is related to Moris :-) because both are
claiming the same lies.
Yawn....
Post by Johann Steigenberger
2. UCEPROTECT lists for SAV because it is abusive.
Perhaps it can be. Sometimes. But...
Post by Johann Steigenberger
Yes we had also listed Verizon for about 1 year for permanently hitting
our spamtraps with their SAV.
Then they stopped SAV and got delisted.
If/as/when Sender Address Verification is hitting a spamtrap, one or more OTHER
tests have not been made first.

And that probably IS wrong.

But what is being ID'ed is not that SAV is 'always bad'.

Rather that a server has been carelessly configured.

Which, in and of itself, may - or may not - justify blacklisting.
Post by Johann Steigenberger
And it is a pure lie that we charge users for removals.
IP's listed are expiring 7 days after the Abuse was stopped, free of charge.
There is an option only to pay for an expedited immediate removal.
24 hours - or even 12 hours - should work just as well, then, if you only
purport to list chronic, repeat offenders, should it not?
Post by Johann Steigenberger
3. SAV is a bad idea. It is not an Exim invention.
It is an invention made by spammers, long before Exim had that "feature".
Spammers are using the same technique for dictionary attacks.
Exim 'invention' or not, SAV is near-zero use for dictionary
attacks *IF* the server is configured to even moderately close observance of RFC's.

Simply put, it should not be 'entertaining' connections from IP that cannot be
resolved properly either 'at all', (sometimes too strict) or on some
score-and-decide-later basis that provides for accepting traffic from badly
configured, but not overtly malicious, servers.

How many spambots are on fixed-IP with proper DNS & PTR RR AND NOT on major RBL's?

Damned few.

In either case, the determination can be made no later than, if not well before
'RECPT TO:', and the connection 'managed' (denied or deferred) - SAV or otherwise.
Post by Johann Steigenberger
What Lusers as Marc Perkel do not understand is, that if there is a Spammer
would
send out 15 Millions of spammail with that forged from, you will get about 1
Million
"Verification Requests" from Systems around the globe, where each of them is
Nothing of the sort. More 'proper' servers are dropping that sort of forgery
right up front with every passing day. SAV use is not growing, if only because
it is not, and has never been, a reliable general purpose tool.

Nor was it intended to be.

SAV is at its most 'predictable and reliable' within a complex of servers under
common control, where it can be a usefull alternative to synchronizing entire
databases.

The utility of SAV for legitimate purposes drops off - sharply - the further
away from common control, or at least 'common philosophy' of control one moves.
Post by Johann Steigenberger
That results in a very high load on your server, and delays for your regular
mails,
because all of your sockets are busy with lamerz just "veryifiing" your
address.
Not unless you are doing everything ELSE in a sloppy manner.

How much time do you suppose a well-configured server will waste on a connection
from a spambot arriving from a dynamic IP with no DNS records, let alone a PTR?

Not a great deal.

Feel free to try it on any of my servers. We have broad shoulders.
Post by Johann Steigenberger
It is not the problem that you do it, the problem is that some million
others are too.
Millions of Systems connecting to one target at nearly the same time are
the problem. That leads to a DDOS. And you are part of it ...
Beg to disagree. Exim's docs - let alone the general tone of list traffic - do
not recommend the *blanket* use of SAV. One size does NOT fit all.

It is a tool that needs careful and specific application if it is used at all.
Post by Johann Steigenberger
RFC 821 knows a command "VRFY" to do that test.
Most Administrators have chosen to disable this, because Spammers were
abusing it.
Anyone trying to circumvent a restriction on a remote system is an Abuser.
So faking to be a null sender and going up to RCPT TO means you are an
Abuser.
That is what Exim's SAV does.
No one is requiring that you *respond* to that sort of SAV.

We don't make SAV callouts. We do permit them.

But it costs us nothing near the risk of DDoS - simply becasue the arrivee must
have passed other, simpler, tests first.

SAV from a legitimate server is responded to. This list's server, for example.

A spambot/zombie is not.
Post by Johann Steigenberger
4. Marc Perkel tries to discredit UCEPROTECT since a long time now.
What you might find interesting is, that Marc has started a blacklist
himself,
he calls this "HOSTKARMA", where he lists IP's which have never done any
Abuse or Spammings.
Yawn... May wear his shoes on the wrong feet, too. Or not.
Who cares?
Post by Johann Steigenberger
Just goto DNSSTUFF and test 194.95.224.137 if you do not trust me.
This IP is listed just because we list Marc for his abusive SAV :-)
BFD.
Post by Johann Steigenberger
Ok it does not matter to us, because no one is using Marc's fraudulent
Hostkarma".
Finally. Something we can agree on....

;-)
Post by Johann Steigenberger
But it should be an indicator for his bad trustworthy.
Whatever happend to Marc, there are always the others resonsible for that
:-)
He never got the Idea that he could be the problem.
You are overstating both 'the problem', his influence, and yours.

Dramatically so.
Post by Johann Steigenberger
If you ever have been on Marcs Website and have seen who he thinks "sucks",
Marc Perkel.
Thank you for your time.
Johann Steigenberger
UCEPROTECT-Network
Johann,

Give it a rest.

You only have a problem with Herr Perkel if you take him seriously.

Or he, you.

'Great Expectations', both. Don't hold your breath while waiting...

Bill
--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
Johann Steigenberger
2007-04-24 02:27:37 UTC
Permalink
Post by Marc Perkel
Actually Bill I'm not sure how DNSStuff picked up my list.
Don't lie again here. You told it to them ....

Problematically you told, that you blacklist IP's of companys which
are listing you, but these criterias could not be found in your policy:-)

What does this mean to your list?
One could also pick a random number and reject on that :-)
Seems you still have much to learn about blacklists ...

No one will trust you if you break your own published listing criterias.

And think about my words:
The day will come where you will end up in countless private lists
with no chance to be ever removed, if you continue your abusive SAV.

UCEPROTECT might then be your least problem ...
You should really stop using SAV.

Best would be if the Maintainer of Exim would remove that "feature"
in the next release, so that you could no longer abuse other systems.

That said i will leave you and visit my favorite groups ....

Johann Steigenberger
--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
Marc Perkel
2007-04-24 02:43:15 UTC
Permalink
Post by Johann Steigenberger
The day will come where you will end up in countless private lists
with no chance to be ever removed, if you continue your abusive SAV.
UCEPROTECT might then be your least problem ...
You should really stop using SAV.
Best would be if the Maintainer of Exim would remove that "feature"
in the next release, so that you could no longer abuse other systems.
Johann Steigenberger
I don't think you're going to get anywhere here with your threats. Phil
can reply to you about what the chances are that he's going to remove
SAV because you are going to list Exim users on secret black lists (like
APEWS.ORG).

This forum is a community support forum for Exim users. I don't think
that you coming here to threaten the Exim community is welcome. You made
it clear that you are going to list me and everyone else who uses SAV in
secret block lists that you control. We got your message and understand
it. However - when you threaten the entire Exim community you run the
risk of pissing off a lot of people. I think it's good that you made
these public threatening statements so now we know who you are, what
UCEProtect is all about, and if Exim users get blacklisted we know who
to blame for it.
--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
Stanislaw Halik
2007-04-24 13:10:57 UTC
Permalink
Post by Johann Steigenberger
The day will come where you will end up in countless private lists
with no chance to be ever removed, if you continue your abusive SAV.
I might be ignorant or something, but SAV never seemed to be a problem
before you brought this up.
--
Whenever you find that you are on the side of the majority, it is time
to reform.
-- Mark Twain
--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
Continue reading on narkive:
Loading...