did Chatmag, an Internet Chat Directory, become involved with SPEWS, the
Internet equivalent of school yard bullies? In early May 2003 we had joined
forces with IRC/Unity, a group of IRC Server Administrators dedicated to
fighting the Fizzer Worm (See story of 18
of our emails posted to the IRC/Unity group had bounced with a notation
that we were blacklisted by another Blacklist, that uses the SPEWS database.
Not knowing who or what SPEWS was, we investigated. On the SPEWS web site,
we found a link to a Usenet group, operated by SPEWS, which is the only
contact for SPEWS, (their domain name information has been falsified) and
posted a notice that we had been unfairly blacklisted by SPEWS.
is currently hosted by Burst.net, which
had been blacklisted by SPEWS for some time. Until this incident, we were
unaware of any problem, and had heard little of SPEWS.
some of the comments posted, and after receiving several emails from SPEWS
supporters, we determined that the tactics employed by SPEWS most closely
resembles that used by organized crime to intimidate victims. SPEWS
contends that anyone using a Hosting Provider which hosts a spammer
is as guilty of spamming as the spammer themselves, and blacklists entire
blocks of IP's, including Chatmag's in the case of the blacklist of Burst.net.
does not spam, and operates one email list, for internal use only.
In 1998 the idea of email marketing our Internet Directory was brought
up and immediately rejected. We are in no way linked to spammers,
regardless of the contention by SPEWS that as long as we are using Burst.net
as our dedicated server host, we are as guilty of spamming as the spammers.
Our long term plans were to move to Chatmag owned and operated servers
this year, however we have decided to stay on Burst.net for the foreseeable
future, in addition to opening our server center in Gainesville, Florida.
We will not be intimidated by organizations or individuals that employ
the RICO-like tactics that SPEWS espouses.
by the recent turn of events regarding the demise of Osirusoft, I believe
that SPEWS days are numbered. At present, they are seeking a new
host for their site. Given that SPEWS has blacklisted a majority
of web hosts, simply finding a host that they have not angered at some
time in the past is going to be a monumental task. And it is doubtful
any web host will want to take on SPEWS, in fear of possible litigation,
or other problems associated with hosting SPEWS.
Gilsenan and SPEWS
did some research into SPEWS, and visited their web site, www.spews.org
where we found the reference to our entry, and contact information for
SPEWS. The only contact information as you know is via a Usenet group,
commonly referred to as NANAE.
posted a notice on NANAE that we had been blocklisted by SPEWS, and that
we felt that it was not a block as a result of anything Chatmag had done.
The responses we received, both in the NANAE group, and via private emails,
led us to question a group that would use such tactics, and remain themselves
word that I found being used regularly was "cartooney" also written as
"cart00ney", and used to mean a legal threat against SPEWS. We did a google
on both words, coming up with the web site
to Terry Gilsenan. Visiting the cart00ney.org site, we read the FAQ
page, which in part states:
Hey, my domain is on the list, how do I get off this list?
Read the details record for your domain, and publish in the same
of the original threat, a complete retraction, then post to the
news group stating the actions taken, and then wait."
"N.A.N.A.E" is hyper linked to the exact same Google Group that SPEWS references
on their site as a "contact" for SPEWS.
lists persons or companies that have made legal threats in the N.A.N.A.E
list. Does this have anything to do with SPEWS? This "cart00ney"
points directly to SPEWS. If Terry Gilsenan has nothing to do with SPEWS,
why would he maintain that blocklist?
is also Copyright 2002 wewak.net which is registered to an entity in New
Guinea, and all contact information is in "tok pisin" or pidgen english.
Several postings refer to wewak.net as administrating SPEWS. (Note: Terry
Gilsenan has changed the Whois information for wewak.net and posted himself
as Administrative and Technical Contact, and with all other evidence present,
clearly is aligning himself as the administrator of SPEWS. Update 6 Sept.
2003 Wewak.net is now registered through Domains by Proxy, a third party
registration service designed to hide from public view the true registrar.
Wewak.net DNS still points to weblistix.com.)
posting in the Google group seems to point the finger away from any connection
between SPEWS, cart00ney.org and wewak, and sent by an administrator at
weblistix.com Weblistix is registered to Terry Gilsenan, and in this
particular posting, the "administrator" mentions forwarding a legal
threat (cart00ney) to the N.A.N.A.E group, and cart00ney.org, as if it
were a separate entity, when in fact it is registered to him.
remark on that page is particularly curious, "The Spews.org domain does
not belong to a client of ours, I apparently belongs to a client of our
client wewak.net." I'm at a loss as to the meaning of that, but it seems
to give the reader the impression that weblistix does not know who they
belong to. It may also be a typo, the "I" reads more clearly as "it".
cart00ney.org site maintains a block
list of legal threats made in
groups, most originally posted on N.A.N.A.E One
of many we found in their block list was clearly sent to N.A.N.A.E
the Cart00ney.org/Gilsenan connection. The cart00ney.org
contains links to details, a random sample shows the majority of legal
complaints were posted to N.A.N.A.E. An interesting side note regarding
SPEWS and cart00ney.org, in the SPEWS FAQ, there is a notation:
Are you associated with any other SPEWS domains?
Nope, SPEWS.ORG is our only site. We have no idea what any others are."
that both SPEWS and cart00ney.org mention posting on N.A.N.A.E. yet SPEWS
has no knowledge of cart00ney.org A post
of 16 Mar. 2002 by Terry Gilsenan demonstrates otherwise:
line: "whats the bet that next is the cart00ney?" by Terry clearly
to a connection between cart00ney.org, his registered site, and SPEWS.
wewak.net connection. It seems that most every post in N.A.N.A.E points
to wewak.net as the "host" of SPEWS.
in particular mentions wewak under a DDoS attack, and suggesting wewak.net
to move SPEWS to another server.
contained in that particular post is a mention of Terry Gilsenan
english. The wewak.net registration is not in english, but "tok pisin",
commonly used in New Guinea. (contact information changed as of 27 August
2003) Does Terry Gilsenan know "tok pisin"? This
post confirms that fact.
is registered to Terry Gilsenan. Cart00ney.org is
2002 wewak.net. Also, on Terry Gilsenan's site home
page, it states:
Systems Support in Australia, Papua New Guinea, and into Asia.". Fission-chips.com.au
is registered to Terry Gilsenan, and has business dealings with New Guinea,
home of wewak.net.
Gilsenan also seems to know quite a bit regarding spam, as seen on several
posts in various groups.
Referring to "Joe Jobs".
Referring to blocking spam.
Referring to a spamming domain.
ranking for SPEWS.org also points
to Wewak.net. (Note: Alexa has since changed this page).
Terry Gilsenan SPEWS? All that I have found points to a definite connection
between himself, wewak.net, cart00ney.org and SPEWS. It is my opinion that
Terry Gilsenan is the administrator of SPEWS.
are as much against spam as any other reputable company,
do our part to educate Internet users to the dangers of spam/scam emails.
All of our received emails are held for inspection by representatives of
any legitimate business wishing to contest our findings. The key
is accountability, which SPEWS disregards.
original concept of a block list is workable. However, the SPEWS "collateral
damage" method is at best unworkable, and at worst, a violation of RICO
Section 1951. I think that Terry Gilsenan set up SPEWS, and without
a clear business outline, found that SPEWS got out of control. A
SPEWS type blacklist should follow a few principles, taking perhaps the
Underwriters Laboratory or Consumer Reports models as a guide.
there must be accountability, which means the organization must
apart from any commercial entity, and be easily contacted by
channels, not in a Usenet News Group.
there should be an arbitration process, with perhaps an
third party as a referee. Alleged spammers should be
to refute the allegations, in a rational, mature manner.
if an alleged spammer is found to be spamming, then their
IP could be added to a blacklist, but no other IP associated
a web host. In my case, my site is hosted on Burst.net Several
ago, there were two or three spam outfits renting servers from
This information was passed on to SPEWS, and over the past
SPEWS blacklisted every other Burst.net customer, myself
For the alleged spam sins of a few, over 15,000 separate
had their emails bounced by the SPEWS blacklist.
SPEWS argument regarding allocation of IP addresses. SPEWS maintains
that if you move into an IP range that also holds or held spammers you
are guilty of association, and your IP will be blocked. Their argument
is that it is a "bad neighborhood". Even if the IP had been used at one
time by spammers, if you are not a spammer, you should not be punished
for owning the IP. If you were to purchase the property at 7244 South
Prairie Avenue in Chicago, once owned by Alphonse Capone, would this then
make you a gangster, or simply a person that owns property with a checkered
past? SPEWS argument that owning an IP once used by spammers is invalid.
primary reason I devoted my time to tracking down the
of SPEWS was that I saw that if left unchecked, SPEWS
go further out of control. In recent months, SPEWS has managed
anger a good number of persons with the ability to mount a DDoS
against both SPEWS and Osirusoft, a provider of the SPEWS
I saw this as an escalation that had an impact beyond the
email blocks, and believe that in bringing SPEWS into the
SPEWS will cease publication of their blacklist, or face what
sure to be a large number of lawsuits by affected companies and
It is well known that SPEWS kept their identity secret
order to avoid lawsuits, and with this revelation, they have no
but to either act responsibly, or cease operations.
going through the Usenet archives, I found many instances of thinly
threats by SPEWS supporters against alleged spammers and
"collateral damage" casualties, including one remark that
be glad noones
firebombed your NOC". (The NOC referenced is Burst.net where
Chatmag is hosted, I take this as a threat to Chatmag itself). I could
see that if left as-is, there would most likely be real physical harm done
to either an
spammer or SPEWS supporter, and this also motivated me to act.
Gilsenan, Terry firstname.lastname@example.org
5/149 English St.
Cairns, QLD 4870
Gilsenan and the others involved had a good concept, however, blacklisting
thousands of innocent domains and even Nations goes way beyond reason.
It is time for SPEWS to be brought out into the light, rethink their methods,
and formulate a course of action that would help stem the tide of spam,
while being held accountable for their actions.
June 2004 SPEWS in recent months has slipped far behind other blocking
list services, and currently has little if any real effect on email spam.
Google Group shows very few "collateral damage" complaints, and little
activity from spammers complaining about being listed in SPEWS. SPEWS
will in all probability live on for a time, and then like all other poorly
conceived notions, fade into the Internet history books.
December 2004 Google Groups and SPEWS. The recent changes at Google
Groups, demonstrates that SPEWS has no reliable method of contact.
Most people responding to a SPEWS listing post their messages on NANAE,
as per the SPEWS FAQ for contacting them. With the changes at Google
Groups, SPEWS must devise a more secure method of contact. Should Google
decide to discontinue the Groups, SPEWS will have no alternative but to
create their own dedicated Discussion Forum, on their server.
SPEWS is no more.
to SPEWS, first published in NANAE.
and SPEWS on the same web server.
to access Leadlistbuilder.com redirects to SPEWS.org
former spam site, with several mentions in SPEWS, now a part of SPEWS?
Information. This article may be reprinted in the form of brief quotes,
with credit to Chatmag News.
text reprints by permission, with credit to Chatmag News, please email
your request to: