Main Page | See live article | Alphabetical index

Spam Prevention Early Warning System

The Spam Prevention Early Warning System (SPEWS) is an anonymous service which maintains a list of IP address ranges belonging to Internet service providers which host spammers. It is used by numerous Internet sites as a source of information about the senders of unsolicited bulk email, better known as spam.

SPEWS itself publishes a large text file containing its listings, and operated a database where users may query the reasons for a listing. Users of SPEWS can reprocess these data into formats usable by software for mail filtering.

For instance, until recently many mail sites used a DNSBL based on SPEWS data, operated at spews.relays.osirusoft.com. This DNSBL was shut down on August 27, 2003 after several weeks of denial of service attack. A number of other DNSBLs exist based on the SPEWS data, which remain accessible to the public via the web site.

There is a certain degree of controversy regarding SPEWS' anonymity and its methods. SPEWS remains anonymous to avoid harassment and barratrous lawsuits of the sort which have hampered other anti-spam services such as the MAPS RBL and ORBS. Some regard this anonymity as irresponsible, while others find it sensible. In addition, many ISP clients whose providers are listed on SPEWS take umbrage that their own IP addresses are associated with spamming, and that their mail may be blocked by users of the SPEWS data.

Discussions of SPEWS online have frequently degenerated into flamewars. In these, many arguments are based on misconceptions, such as the claim that SPEWS "blocks" email from listed sites. In fact, SPEWS merely publishes a listing, which mail server operators may choose to act upon in various ways, such as by blocking email from the listed address.

Table of contents
1 Process
2 Criticism of SPEWS
3 Counter Argument
4 Contacting SPEWS
5 Getting Out Of SPEWS
6 Changing Service Providers
7 Notice
8 Related articles
9 External links

Process

The precise process by which SPEWS gathers data about spam sources is unknown, and it is likely that the operators use multiple techniques.

SPEWS seems to collect some information from honeypots -- mail servers or single email addresses to which no legitimate mail is received. These may be dummy addresses which have never sent any email (and certainly have never requested to be subscribed to mailing lists). They may also be placed as bait in the header of a Usenet post or on a Web page, where a spammer might discover them and choose to spam them.

The SPEWS Web site makes clear that when spam is received, the operators file a complaint with the ISP or other site responsible for the spam source. Only if the spam continues after this complaint is the source listed. However, SPEWS is anonymous -- when these complaints are sent, they are not marked as being from SPEWS, and the site is not told that ignoring the complaint will result in a listing. This has the effect of determining the ISP's response to a normal user's spam complaint, and also discourages "listwashing" -- continuing to spam, but with the complaining address removed from the target list.

If the spam does not stop over time, SPEWS increases the size of the address range listed. This process is repeated, conceivably until the entire netblock owned by the offending service provider is listed.

Criticism of SPEWS

No one knows how many service providers use the SPEWS list to reject mail. The number is enough, though, to make people who are listed as spammers, neighbours of spammers, or service providers of spammers quite upset.

One criticism is that it often lists IP ranges of companies that do not spam, or even have strong anti-spam policies. This is because eventually the entire area of a service provider that hosts a spammer can be effected -- something like blocking all e-mail from UUNET, in order to get UUNET to stop hosting a spammer. In particular this is sometimes seen as guilt by association.

Conceivably, entire nations could be listed if they only had a small number of ISPs, all of them with serious enough abuse problems. In particular, Nigeria and China seem to be subject to very large blocks, though by no means even a majority of either nation's network ranges are listed. Some people may feel that there is no choice for people in countries that are listed, and it becomes a matter of freedom of speech.

Counter Argument

The most common argument is that no company is required to financially support spam. That if spam continues to increase, it may eventually make e-mail impossible. Thirdly, use of SPEWS is voluntary.

Contacting SPEWS

SPEWS' website is located at http://www.spews.org/. SPEWS does not operate a mail server, so it cannot be sent e-mail.

The SPEWS domain and its own address block are registered in Irkutsk, Russia -- quite an out-of-the-way place, and not subject to subpoena from the United States, New Zealand, or other nations likely to host spammer lawsuits. Like the organization's anonymity, this reduces the chance of harassment or barratry against SPEWS.

SPEWS, whoever they are, monitor the newsgroup news.admin.net-abuse.email (NANAE).

WARNING: There is no moderator for this news group. This news group reads like dispatches from a war zone. People who send spam harvest e-mail addresses from this group; perhaps as revenge - or maybe they just have a sense of humour. Before posting to this news group, ensure that you either munge the from line of your post, or post anonymously.

This place can be rough. Threats of legal action can are somewhat common. On the other hand, it's a great place for some entertainment. People on NANAE recommend lots of popcorn.

Getting Out Of SPEWS

Your service provider, or you (if you are a service provider) should have the following e-mail addresses working, answered, and not re-directed to /dev/null.

Failure to have these addresses working will possibly prevent your address from being removed from SPEWS.

Writing To NANAE

If you are spamming:
1. STOP spamming! Now!
2. Make sure all e-mail lists are opt-in. This means that each person must request to receive advertising e-mail and where this is done on something like a program registration, an e-mail informing each person that they are going to receive advertising with the option of opting out.
3. Create a news article in news.admin.net-abuse.email with the subject SPEWS #### (whatever your case number is -- see the SPEWS Web site).
4. Be polite.
5. DO NOT THREATEN LEGAL ACTION -- really! Keep your cool and DO NOT THREATEN LEGAL ACTION. Some system administrators are known for taking revenge by increasing block size on people who threaten legal action. After legal threats, system operators are known to add comments to their block list like 'remove after the heat death of the universe'.
6. Apologize. Grovel. Admit to the errors of your ways. Promise never-ever-ever to do it again. It is probably a bad idea to offer excuses. Be prepared to wait. Eventually you will be de-listed. If you re-start spamming, be prepared for a much longer period of being listed in spews.

If you are not doing the spamming:
1. Find out who is doing the spamming. Go to the SPEWS Web site.
2. Talk to your service provider about the person doing the spamming.
3a. Your service provider agrees to stop the spamming, but not terminate the spammer: It will be a long wait. Eventually you will be delisted. You may wish to find another service provider for your e-mail, while this is happening.
3b. Your service provider is not interested in your complaints: The following advice was given to someone who's entire country was blocked:
* Complain to your country and get them to stop hosting spammers.
* Move to a different country.
* Live with it.
optionally, you may wish to send all e-mail through a white hat service provider, assuming your country has one.
3c. Your service provider has terminated the spammer. See immediately below.

If you are a service provider who hosts a spammer:
1. Terminate their service NOW!
2. Create a news article in news.admin.net-abuse.email with the subject SPEWS #### (whatever your case number is - see the SPEWS Web site).
3. Be polite.
4. DO NOT THREATEN LEGAL ACTION! Some people think it is fun to take revenge years after people threaten legal action. If you threaten legal action, expect to have your site blocked long after the second coming by a number of system administrators.
5. Apologize. Promise to kill spammers quicker next time. Do not claim you didn't know. Excuses are probably not helpful. Make sure the mailing address abuse@[your site] exists, and is answered by a human. If you re-start hosting spamming, be prepared for a much longer period of being listed in SPEWS, with a lot more of your IP addresses being blocked. It is quite likely that some of these blocks will not be removed for years.

Changing Service Providers

1. Make sure that your new service provider does not host spammers.
2. sign contracts, whatever
3. post a notice in news.admin.net-abuse.email with the subject line SPEWS #### I'm moving! (get the number from the SPEWS Web site).
4. Say in the body of your message that you are moving (name of company, current IP address, new IP address). Provide the date of the move. Provide the name of the new service provider. Ask that your IP address be delisted from SPEWS. In some instances, where the move is within a week or so, the IP address may be delisted by SPEWS.
5. Have your new service provider respond, verifying your information (optional) but helpful.

Note, known spammers who move to a new service provider may find that they are blocked before they have a chance to send e-mail. The "EW" in SPEWS stands for "early warning".

People who talk to you in NANAE do not know who SPEWS is. They do not represent SPEWS. Many of them use SPEWS, and are fairly fanatical in their support of SPEWS. People who are opposed to SPEWS also post in NANAE. Some of these people are fairly fanatical in opposition to SPEWS.

Notice

No person who has edited this article is a member of SPEWS, or even knows what SPEWS is. All information contained in this article is not verified. Additional information on SPEWS, by people who are also not members of SPEWS, and who also don't know who they are (but do use the list), can be obtained from news.admin.net-abuse.email. See the warning above about posting to this newsgroup.

Related articles

External links

FAQ links:

The people in NANAE are seasoned war veterans who have developed their own terminology and way of doing things. Sometimes posts mysteriously disappear from NANAE; casualities of war. The program Dave the Resurrector usually recovers these vandalized posts.