Forgot your password?
typodupeerror

Comment: Re:clueless (Score 1) 172

by Linuxmagic (#43094401) Attached to: Shooting Yourself In the Foot, 21st Century Style
The amazing thing is when politicians 'spam' in any manner, and when a sitting government does this it has a lot greater implications, but it is always interesting how on one hand they want to pass 'Anti-Spam' legislation, and laws about government data being stored in foreign jurisdictions, except of course when it serves their purchase to do the opposite.

Comment: Re:no sympathy (Score 1) 170

by Linuxmagic (#41695017) Attached to: Zero Errors? Spamhaus Flubs Causing Domain Deletions
However, I would think that there is something else wrong afoot.. Some of the biggest verified opt-in lists never seem to appear on any reputation list, why would this be happening to this person. I think more data is needed. Possibly, they aren't following Best Practices for email operators, eg some other funky thing like improperly configured emails, DNS, 'rwhois' or no URL associated with the domain they are using..

Comment: Comes down to the desire of anonymity vs contact (Score 1) 81

This was/is a big issue at every conference, where of course the focus is always placed on 'policing' agencies wanting to know who operates an IP Address, however the concept is a lot greater than that. And of course, there is a perception that even at the highest levels (the Board) there is a lot of pressure by hosting companies who want to accomodate the customers who wish anonymity. The fact is that an IP Address or domain is/are Public lookup , and if you want to have an IP address/domain that is available to the public, you should post some public identity. This is used for a lot more than simply policing. Eg, various reputation services, auditing systems, and legitimate network operators who need to be able to identify the operator. Already, there are policies in place in theory to require this information; we already have tools and policies to do this, the problem that we hear is enforcement, and a mandate to take action during enforcement. There is a lot of finger pointing on this issue even amongst ARIN/ICANN officials and board members. And far too many times we see abusive behavior from 'Privacy Protected' holders of Public information. Now, it can be that the line on how much information about the holder should be publicized, but the operator/organization information at least MUST be provided, and the upstream providers should have a way to validate this information. And this has to be bigger than just ICANN/ARIN. We talk to operators who blatantly state that they do not collect information, and do NOT monitor activity on their networks, because they are concerned that if they 'know' about what is going on, they can be held responsible. Some protection must be given upstream providers, registrars etc, but on the basis they are diligent on getting information of the holders of public resources they assign.

Comment: Re:spammers (Score 1) 241

by Linuxmagic (#41347127) Attached to: RIPE Region Runs Out of IPv4 Addresses
Actually, it isn't just a few thousand, there are /17's used primarily for spamming.. And I don't think anyone is against the idea of IPv6 in general, but we do have to point out that so many people don't even know how to deal with IPv4 space correctly. IPv6 is great for 'clients' however there is lots of justification to keep server to server communications using IPv4. Just take a loot at the complexity and size of dealing with things like IPTables or RBL's needed to hold lists of attackers.. IPv6 opens up the potential attackers by the same number of scale as compared to IPv4. Thats why this time around a lot of technologies will have to be rethought before they can be effectively used in an IPv6 environment.

Comment: Re:LinkedIn has just confirmed the breach (Score 1) 271

by Linuxmagic (#40247779) Attached to: LinkedIn Password Hashes Leaked Online
Oh, this looks fun.. Now we can expect another round of phishing emails for LinkedIn. "These members will also receive an email from LinkedIn with instructions on how to reset their passwords. There will not be any links in this email. Once you follow this step and request password assistance, then you will receive an email from LinkedIn with a password reset link." Yep, click on this link from yoru trusted service, honest it is them.. and not a link to a page that asks your for your information so we can match it to the information we have on hand.. oh, and don't worry.. clicking on this will not install a virus/trojan that will get all the rest of your passwords...
Spam

+ - Should SpamRats! charge for access to it's RBL?->

Submitted by
Linuxmagic
Linuxmagic writes "We have a dilemna that we could use some SlashDot readers input in. We have had open access to our RBL for some time, and given the effectiveness of it, it is not surprising that we get more users all the time. Being a company that is founded on open principles as much as possible, the idea of some 'give back' has always been appealing to us, but now that we find more and more cases of people making money on our data collection efforts, some abusers of the priveleges, and just the sheer volume of demand, we are considering should we go the way many other RBL's have, and start charging in some way for access to the data. We are a business after all, and the more people use it, the more resources we should assign to it. We originally built it to solve our own needs, and our MagicMail deployments make for a great data collection grid, but keeping it available does cost us. We would like to get feedback from users, on whether we should commoditize this data, charge only commercial operators, change the way we distribute it, or simply put a small fee on it for everyone. Comments?"
Link to Original Source

Comment: So they wait until people complain, is that right? (Score 1) 71

by Linuxmagic (#35016460) Attached to: Amazon Bulk-Email Service Could Lure Spammers
What ever happened to being responsible for what leaves your network? Recipients, and even email operators often simply give up reporting abuse, as traditionally the success of reporting to abuse departments has been very low. And isn't this a little like closing the barn door after the cow is gone? A simple stolen credit card, and 24 hours head start, boy are we in trouble with that kind of power. And the idea of 'opt-in' or 'permission' based according to current anti spam legislation is so loose, and untraceable that it is laughable. Pity the legitimate users who wish to use EC2 for email, won't take before the only way for users to protect themselves will be to block the source. The email marketers are shooting themselves in the foot, and this sets the stage for some nice legal action. The idea of the sanctity of a users mailbox will have to prevail, and hopefully it will happen before people resort to radical solutions like 'blacklist unknown senders' or stop using email for communication. Just like you have the right to decide who can enter your home, you can decide who can send to your email box, but when it reaches abusive levels from a single source, this has always resulted in drastic measures. At least we hope they force a header 'X-EC2-BULK-EMAIL' ;)

Overload -- core meltdown sequence initiated.

Working...