How
did Chatmag, an Internet Chat Directory, become involved with SPEWS, the
Internet equivalent of school yard bullies? In early May 2003 we had joined
forces with IRC/Unity, a group of IRC Server Administrators dedicated to
fighting the Fizzer Worm (See story of 18
May 2003).
One
of our emails posted to the IRC/Unity group had bounced with a notation
that we were blacklisted by another Blacklist, that uses the SPEWS database.
Not knowing who or what SPEWS was, we investigated. On the SPEWS web site,
we found a link to a Usenet group, operated by SPEWS, which is the only
contact for SPEWS, (their domain name information has been falsified) and
posted a notice that we had been unfairly blacklisted by SPEWS.
Chatmag
is currently hosted by Burst.net, which
had been blacklisted by SPEWS for some time. Until this incident, we were
unaware of any problem, and had heard little of SPEWS.
Reading
some of the comments posted, and after receiving several emails from SPEWS
supporters, we determined that the tactics employed by SPEWS most closely
resembles that used by organized crime to intimidate victims. SPEWS
contends that anyone using a Hosting Provider which hosts a spammer
is as guilty of spamming as the spammer themselves, and blacklists entire
blocks of IP's, including Chatmag's in the case of the blacklist of Burst.net.
Chatmag
does not spam, and operates one email list, for internal use only.
In 1998 the idea of email marketing our Internet Directory was brought
up and immediately rejected. We are in no way linked to spammers,
regardless of the contention by SPEWS that as long as we are using Burst.net
as our dedicated server host, we are as guilty of spamming as the spammers.
Our long term plans were to move to Chatmag owned and operated servers
this year, however we have decided to stay on Burst.net for the foreseeable
future, in addition to opening our server center in Gainesville, Florida.
We will not be intimidated by organizations or individuals that employ
the RICO-like tactics that SPEWS espouses.
Judging
by the recent turn of events regarding the demise of Osirusoft, I believe
that SPEWS days are numbered. At present, they are seeking a new
host for their site. Given that SPEWS has blacklisted a majority
of web hosts, simply finding a host that they have not angered at some
time in the past is going to be a monumental task. And it is doubtful
any web host will want to take on SPEWS, in fear of possible litigation,
or other problems associated with hosting SPEWS.
Terry
Gilsenan and SPEWS
I
did some research into SPEWS, and visited their web site, www.spews.org
where we found the reference to our entry, and contact information for
SPEWS. The only contact information as you know is via a Usenet group,
commonly referred to as NANAE.
I
posted a notice on NANAE that we had been blocklisted by SPEWS, and that
we felt that it was not a block as a result of anything Chatmag had done.
The responses we received, both in the NANAE group, and via private emails,
led us to question a group that would use such tactics, and remain themselves
unaccountable.
One
word that I found being used regularly was "cartooney" also written as
"cart00ney", and used to mean a legal threat against SPEWS. We did a google
on both words, coming up with the web site
http://www.cart00ney.org
and registered
to Terry Gilsenan. Visiting the cart00ney.org site, we read the FAQ
page, which in part states:
"FAQ
Q.
Hey, my domain is on the list, how do I get off this list?
A.
Read the details record for your domain, and publish in the same
forum
of the original threat, a complete retraction, then post to the
N.A.N.A.E
news group stating the actions taken, and then wait."
The
"N.A.N.A.E" is hyper linked to the exact same Google Group that SPEWS references
on their site as a "contact" for SPEWS.
Cart00ney.org
lists persons or companies that have made legal threats in the N.A.N.A.E
list. Does this have anything to do with SPEWS? This "cart00ney"
points directly to SPEWS. If Terry Gilsenan has nothing to do with SPEWS,
why would he maintain that blocklist?
Cart00ney.org
is also Copyright 2002 wewak.net which is registered to an entity in New
Guinea, and all contact information is in "tok pisin" or pidgen english.
Several postings refer to wewak.net as administrating SPEWS. (Note: Terry
Gilsenan has changed the Whois information for wewak.net and posted himself
as Administrative and Technical Contact, and with all other evidence present,
clearly is aligning himself as the administrator of SPEWS. Update 6 Sept.
2003 Wewak.net is now registered through Domains by Proxy, a third party
registration service designed to hide from public view the true registrar.
Wewak.net DNS still points to weblistix.com.)
A
posting in the Google group seems to point the finger away from any connection
between SPEWS, cart00ney.org and wewak, and sent by an administrator at
weblistix.com Weblistix is registered to Terry Gilsenan, and in this
particular posting, the "administrator" mentions forwarding a legal
threat (cart00ney) to the N.A.N.A.E group, and cart00ney.org, as if it
were a separate entity, when in fact it is registered to him.
One
remark on that page is particularly curious, "The Spews.org domain does
not belong to a client of ours, I apparently belongs to a client of our
client wewak.net." I'm at a loss as to the meaning of that, but it seems
to give the reader the impression that weblistix does not know who they
belong to. It may also be a typo, the "I" reads more clearly as "it".
The
cart00ney.org site maintains a block
list of legal threats made in
Google
groups, most originally posted on N.A.N.A.E One
of many we found in their block list was clearly sent to N.A.N.A.E
Again,
the Cart00ney.org/Gilsenan connection. The cart00ney.org
blocklist
contains links to details, a random sample shows the majority of legal
complaints were posted to N.A.N.A.E. An interesting side note regarding
SPEWS and cart00ney.org, in the SPEWS FAQ, there is a notation:
"Q32:
Are you associated with any other SPEWS domains?
A32:
Nope, SPEWS.ORG is our only site. We have no idea what any others are."
Odd
that both SPEWS and cart00ney.org mention posting on N.A.N.A.E. yet SPEWS
has no knowledge of cart00ney.org A post
of 16 Mar. 2002 by Terry Gilsenan demonstrates otherwise:
The
line: "whats the bet that next is the cart00ney?" by Terry clearly
points
to a connection between cart00ney.org, his registered site, and SPEWS.
The
wewak.net connection. It seems that most every post in N.A.N.A.E points
to wewak.net as the "host" of SPEWS.
One
in particular mentions wewak under a DDoS attack, and suggesting wewak.net
to move SPEWS to another server.
Also
contained in that particular post is a mention of Terry Gilsenan
speaking
english. The wewak.net registration is not in english, but "tok pisin",
commonly used in New Guinea. (contact information changed as of 27 August
2003) Does Terry Gilsenan know "tok pisin"? This
post confirms that fact.
Cart00ney.org
is registered to Terry Gilsenan. Cart00ney.org is
copyright
2002 wewak.net. Also, on Terry Gilsenan's site home
page, it states:
"Providing
Systems Support in Australia, Papua New Guinea, and into Asia.". Fission-chips.com.au
is registered to Terry Gilsenan, and has business dealings with New Guinea,
home of wewak.net.
Terry
Gilsenan also seems to know quite a bit regarding spam, as seen on several
posts in various groups.
Neohapsis.
Referring to "Joe Jobs".
Neohapsis.
Referring to blocking spam.
Neohapsis.
Referring to a spamming domain.
Alexa
ranking for SPEWS.org also points
to Wewak.net. (Note: Alexa has since changed this page).
Is
Terry Gilsenan SPEWS? All that I have found points to a definite connection
between himself, wewak.net, cart00ney.org and SPEWS. It is my opinion that
Terry Gilsenan is the administrator of SPEWS.
We
are as much against spam as any other reputable company,
and
do our part to educate Internet users to the dangers of spam/scam emails.
All of our received emails are held for inspection by representatives of
any legitimate business wishing to contest our findings. The key
is accountability, which SPEWS disregards.
The
original concept of a block list is workable. However, the SPEWS "collateral
damage" method is at best unworkable, and at worst, a violation of RICO
Section 1951. I think that Terry Gilsenan set up SPEWS, and without
a clear business outline, found that SPEWS got out of control. A
SPEWS type blacklist should follow a few principles, taking perhaps the
Underwriters Laboratory or Consumer Reports models as a guide.
First,
there must be accountability, which means the organization must
remain
apart from any commercial entity, and be easily contacted by
regular
channels, not in a Usenet News Group.
Second,
there should be an arbitration process, with perhaps an
unassociated
third party as a referee. Alleged spammers should be
able
to refute the allegations, in a rational, mature manner.
Third,
if an alleged spammer is found to be spamming, then their
domain
IP could be added to a blacklist, but no other IP associated
with
a web host. In my case, my site is hosted on Burst.net Several
years
ago, there were two or three spam outfits renting servers from
Burst.
This information was passed on to SPEWS, and over the past
year,
SPEWS blacklisted every other Burst.net customer, myself
included.
For the alleged spam sins of a few, over 15,000 separate
domains
had their emails bounced by the SPEWS blacklist.
Fourth.
SPEWS argument regarding allocation of IP addresses. SPEWS maintains
that if you move into an IP range that also holds or held spammers you
are guilty of association, and your IP will be blocked. Their argument
is that it is a "bad neighborhood". Even if the IP had been used at one
time by spammers, if you are not a spammer, you should not be punished
for owning the IP. If you were to purchase the property at 7244 South
Prairie Avenue in Chicago, once owned by Alphonse Capone, would this then
make you a gangster, or simply a person that owns property with a checkered
past? SPEWS argument that owning an IP once used by spammers is invalid.
The
primary reason I devoted my time to tracking down the
Administrator
of SPEWS was that I saw that if left unchecked, SPEWS
would
go further out of control. In recent months, SPEWS has managed
to
anger a good number of persons with the ability to mount a DDoS
attack
against both SPEWS and Osirusoft, a provider of the SPEWS
blacklist.
I saw this as an escalation that had an impact beyond the
simple
email blocks, and believe that in bringing SPEWS into the
light,
SPEWS will cease publication of their blacklist, or face what
is
sure to be a large number of lawsuits by affected companies and
individuals.
It is well known that SPEWS kept their identity secret
in
order to avoid lawsuits, and with this revelation, they have no
choice
but to either act responsibly, or cease operations.
In
going through the Usenet archives, I found many instances of thinly
veiled
threats by SPEWS supporters against alleged spammers and
the
"collateral damage" casualties, including one remark that
"just
be glad noones
firebombed your NOC". (The NOC referenced is Burst.net where
Chatmag is hosted, I take this as a threat to Chatmag itself). I could
see that if left as-is, there would most likely be real physical harm done
to either an
alleged
spammer or SPEWS supporter, and this also motivated me to act.
Contacting
Terry Gilsenan
Administrative
Contact:
Gilsenan, Terry thg@fission-chips.com.au
Weblistix
5/149 English St.
Cairns, QLD 4870
Australia
+61(7)4032-4454
Terry
Gilsenan and the others involved had a good concept, however, blacklisting
thousands of innocent domains and even Nations goes way beyond reason.
It is time for SPEWS to be brought out into the light, rethink their methods,
and formulate a course of action that would help stem the tide of spam,
while being held accountable for their actions.
11
June 2004 SPEWS in recent months has slipped far behind other blocking
list services, and currently has little if any real effect on email spam.
Checking the
NANAE
Google Group shows very few "collateral damage" complaints, and little
activity from spammers complaining about being listed in SPEWS. SPEWS
will in all probability live on for a time, and then like all other poorly
conceived notions, fade into the Internet history books.
30
December 2004 Google Groups and SPEWS. The recent changes at Google
Groups, demonstrates that SPEWS has no reliable method of contact.
Most people responding to a SPEWS listing post their messages on NANAE,
as per the SPEWS FAQ for contacting them. With the changes at Google
Groups, SPEWS must devise a more secure method of contact. Should Google
decide to discontinue the Groups, SPEWS will have no alternative but to
create their own dedicated Discussion Forum, on their server.
2008.
SPEWS is no more.
Proposal
to SPEWS, first published in NANAE.
Leadlistbuilder.com
and SPEWS on the same web server.
Attempting
to access Leadlistbuilder.com redirects to SPEWS.org
A
former spam site, with several mentions in SPEWS, now a part of SPEWS?
Reprinting
Information. This article may be reprinted in the form of brief quotes,
with credit to Chatmag News.
Full
text reprints by permission, with credit to Chatmag News, please email
your request to:
Anti-Spam
Informational Sites
