Return to SpamBlocked.com Main Page

Subject: HOW TO GET YOUR IP ADDRESSES REMOVED FROM SPEWS

HOW TO GET YOUR IP ADDRESSES REMOVED FROM SPEWS:

First off - DO NOT POST to news.admin.net-abuse.email demanding, or
even requesting, to be removed. Read the rest of this carefully and
completely, first.

Lookup your SPEWS record. You can look this up by entering your IP
address in the form at http://www.spews.org/. Make a note of the
record number - it will start with an S and be followed with a
number - you may need this for reference later.

Look over the record. The first few entries should be individual
IP's, or very small blocks of IPs. This is the actual spammer. If
you see your IP/domain there, you are probably a spammer. You dont
need to read any further. Please shut down your operation and find
an honest job. If your ISP is reading this, then they might be
about to shut you down anyway.

Ok, if you are still reading then we suppose you arent the actual
spammer. Maybe we have some better advice for you. Now below the
first few entries, there should be some larger ranges of IP blocks
listed. In the parenteses afterwards, there will be the name of the
ISP that those IPs are allocated to (Eg, the ISP that 'owns' those
blocks) If you see your name there, or you see ranges of IP address
which are WHOLLY owned by you, then you are the ISP providing
service to the spammer. Look at the first few records again.
Recognize a customer of yours? You are the ISP providing service to
a spammer. If not, but you recognize the name of your ISP, skip down
to the section marked 'END USER'

If you are the ISP, to get out of SPEWS, you need to terminate all
service provided to that customer - dont move them to a new IP, dont
give them a warning (you would have had your chance to do that a
long time ago before you were listed in SPEWS ), dont give them time
to find a new provider, and dont help them make a 'smooth
transition' *SHUT* *THEM* *DOWN* *ABRUPTLY* Disconnect them from
your network, take their domains and sites off your webservers,
remove all DNS records from their domain. This author feels its ok
to leave a zonefile with NOTHING but an SOA record only to prevent a
lame delegation - others may disagree - but definitely remove all
mail excahnger [MX] and IP address [A] records. This author does not
know if wether SPEWS agrees with this or not. Make absolutely sure
they can neither send spam, nor receive responses to previous spam
(either by email or web), via anything to do with any network or
other resource under your control. If for some reason you dont
beleive they are spammers, look lower in the SPEWS record. most of
them should have copies of the actual messages sent, complete with
headers, that the recipient did NOT request or want. If you still
dont beleive it, then enjoy being in SPEWS. The only way to get out
is to shut them down. If you need help understanding why they are
spammers, read the Usenet group news.admin.net-abuse.email (NANAE)
for a while. If you still dont understand, you *might* consider
posting there asking for help. Be prepared for a good portion of the
responses to your post to be insulting and otherwise deragotary to
you, your company, and perhaps even your parents, but keep reading.
eventually, if your post was honest, polite, and didnt insult the
intelligence of people who dont like to receive crap in their
mailbox, somewhere in all the flames there are likely to be some
useful answers to your question.

Once you've shut down all spammers on your network, you might
consider posting a (brief, non-sarcastic, to-the-point) message to
NANAE noting that fact. Use a subject of "SPEWS: Sxxx" where Sxxx is
your spews record number, and this might get it noticed more quickly
by SPEWS. Dont post this if you havent really completely shut them
all down - if you lie, its likely you will stay listed in SPEWS
longer than if you hadn't. You dont really even need to request
removal - really and truly completely disconnecting the spammers
from your services as described above should be taken as sufficient
to indicate you want out (not that anyone really wants to be in
SPEWS anyway, of course)

Your IP's may not be removed from SPEWS immediately. You will
probably have to wait a while, both while SPEWS makes sure you
really did shut down those customers, and to give you a bit of time
to think about how you got in SPEWS and how to stay out in the
future. Its possible that the longer it took you to disconnect the
spammer after reports were sent to you, the longer you might stay in
SPEWS after you do finally shut them down. If you had shut them down
in a timely fashion, you might never have gotten listed in SPEWS at
all.

If a signifigant period of time passes after you have completely and
totally stopped providing any services to the customer that was
spamming, then you might consider posting a courteous inquire to
NANAE asking for assistance. Use the same subject with "SPEWS:" and
your record number. Be sure to indicate when you disconnected the
spammers, and again, dont lie. If the spammers are still in
operation using your services, anyone with a clue and a whois tool
can and will be able to see that. You will not be removed so long as
you are providing any service to spammers.

'END USER'

Ok, if you are not the spammer, and you are not the ISP providing
service to the spammer, but you are a customer of the ISP that is
providing service to the spammer, then this section is for you.
First off, one key point - *YOU* are not listed in SPEWS. Your
*ISP*'s IP addresses are listed, apparently including some of the
ones they've assigned to you, or that they use to provide services
to use (eg, their mail relay server, possibly. It doesnt matter if
you are totally anti-spam, and your servers are as secure as Fort
Knox. Your *ISP* is providing connectivity, or hosting, or
something, to people who are abusing the Internet, and your ISP
refuses to shut them down, or ignores spam reports entirely. There
is nothing *YOU* can do directly to get those IP's removed. There
are severl indirect things you can try, however. First off, as a
paying customer, there is a slightly higher chance that your ISP
might be willing to listen to your complaints. Contact them and
point out that they are listed in SPEWS (although they'd have to be
quite ignorant not to already know, unless they were *just* added),
and maybe even forward them a copy of this document. Be sure to tell
them which of their IP's that you use that are listed, and maybe
even forward them the URL to the SPEWS record you looked up above.
If you tried to send mail and it bounced with a reference to SPEWS,
maybe even include a copy of that bounce as well. Your goal here is
to get them to take the steps outlines above (that you skipped over,
but feel free to now go back and read over them to see what they
need to do to get out of SPEWS). You might tell them you will have
to switch ISP's if they dont (even if you arent in a position to do
that, unless they know that) If you can get them to shut off their
spammers, that is the best outcome. However, many ISP's care more
about the spammers money than they do about the integrity of the
Internet, so even you may get nowhere. As long as you are their
customer, and they havent fixed the problem, keep pestering them
about it. Sometimes repetition helps.

If in the end, you cant get them to shut down their spammers and get
removed from SPEWS, you have a few other options (assuming the goal
here is for you to be able to do whatever it is that some other
network is blocking becuase of the SPEWS listed, most commonly, send
email to someone)

Of your other options, one, is to switch ISP's. You should try to
check out your choices for a new ISP, and make sure you wont land in
the same boat you are now. If you get dedicated IP connectivity or
you have servers, you might want to try and find out what IP's they
are going to assign you before you sign the contract, and then check
SPEWS to see if they are listed - if they are - DONT SIGN! You might
want to check over their AUP. Ask them how well it is enforced. Ask
them how stict they are about spamming. Even mention the reason you
are switching, that your previous ISP got listed in spews because
they wouldnt shut down spammers (Be careful not to sound like *you*
are a spammer though, if they are a good ISP they might refuse to
provide you service if they think you are asking becuase you want to
send spam) Maybe even make sure the contract you include has a
gurantee that the IP's they give you wont get listed in SPEWS due to
any action or inaction on the ISP's part (you probably wont have
much chance getting them to do that though, but if you do, it might
be worth bragging about on NANAE)

Two, find someone with a server on another network, that is not
listed on SPEWS, that will agree to relay your mail for you. They
might list your specific IP in an access list entry, or they might
require you to use SMTP Authentication. Either way, you set your
servers to 'smart host' to that other server, then it carries out
the rest of the delivery from its non-SPEWS lists IP address. The
technical details for doing that are far too complicated and varied
to include here, but you might be able to find someone you can pay
for consulting if you post to NANAE. Maybe even the service
providing the relaying will be able to help you set it up.

A third option, if you're trying to send mail to just a few people,
and those people have the option of 'whitelisting' your email
address or IP address (either they run their own mailservers, or
their ISP gives them some sort of controls to bypass the SPEWS
restriction), is to have them do just that. This isnt feasible if
you are running a mailing list or need to be able to send everywhere
on the net - its for the case where you need to send mail to people
who are business partners or associates, employee/er(s), family
members, etc.

The fourth option, if none of the above will work for you, is to
live with it. You get service from a 'black hat' ISP. Maybe they
will lower their rates to encourage customers to stay with them,
since they are making money off the spammers. You'll at least get to
save money, even though you arent getting decent Internet service.