listing/delisting procedures

The following process determines whether to block or not block a range of IP addresses from sending me mail:

  1. Here, I use spamming to loosely refer to any kind of abusive or antisocial activity, not just spamming but also: dictionary attacks, e-pending, mailbombing, or backscatter bounces. I am currently treating backscatter bounces on a shoot first, ask questions later policy. In this day and age, mail servers should refuse to accept unwanted mail, instead of bouncing it to the forged sender address, thus further annoying the victim of sender address forgeries. I will backscatter, or obvious dedicated spam sources immediately, without further notice. Otherwise:
  2. I look not only at the actual source of the spam, but also all web sites, mailboxes, and DNS servers -- all identifiable resources -- used by the spam. I do not differentiate between the actual spam source, and any spam support service -- any resource that is a necessary conduit for the spammer.

    I expect all Internet providers to shut down their spamming customers. Whether their customer uses their network to send spam, or to host the spammer's web site, mailbox, DNS server, or any other resource, it is irrelevant. Every resource used by the spammer must be shut down.

    The rest of this document uses Internet providerto refer to any Internet provider of any resource used by the spammer.

  3. Determine whether the spammer, or the Internet provider is a known career spammer, or an Internet provider with a history of providing spam support services, ignoring spam complaints, or generally acting in an anti-social and abusive manner. If so, the IP addresses are blocked from sending me mail, without any further notice to the Internet provider.
  4. To determine whether someone is a known spammer or a spam-tolerant Internet provider, I use a number of resources: anti-spam mailing lists, Usenet newsgroups, or other credible anti-spam resources. If I believe that the spammer, or the Internet provider, is a known career spammer or a spam-supporting Internet provider, the issue is closed and the IP addresses are blocked. Issue closed.
  5. Otherwise, in absence of any evidence indicating that my complaint would be ignored, I will send a normal spam complaint. If this is a first complaint regarding a spammer or the Internet provider this is going to be the end of it. Generally, nothing will happen the first couple of times I get spammed by someone, except for an ordinary complaint. After a couple of complaints that do not appear to result in any action, I will conclude that the spammer is a career spammer, the Internet provider is a spam-supporting Internet provider, and act accordingly.
  6. Even if I have not heard of a particular spammer, or an Internet provider, I will probably block it from sending me mail, as if it's a known spammer or a spam supporting Internet provider, if:
    1. The complaint bounces or is returned as undeliverable.
    2. If the spammer's Internet address, any one of the related WHOIS records, contains obviously false or fraudulent data.
    3. If the spam contains clear signs of the spammer being a career spammer, such as hash-busting, tagged URLs or linked images, or any other well-known trick-of-the-trade.
    4. If the spam complaint results in a goober reply: just hit delete, just unsubscribe,...
  7. I consider an Internet provider that refuses to shut down their spamming customers to be acting in concert with their spammers in perpetrating network abuse, and after a point I will view them to be no different than the actual spammer. As such, I will expect their upstream Internet provider, or peering partners, to shut them down. As such, the related spam will be viewed as their spam, and their upstream/peers will be viewed as the respective Internet providers, and this situation will be handled accordingly.
  8. When dealing with a new Internet provider that appears to be ignoring complaints about their spamming customers I may or may not block either their entire network immediately, or block only their spammers' IP addresses from sending me mail, and enlarge the block over time until their entire IP address space (as I know it) is blocked. My rationale is that if the Internet provider ignores complaints about these particular spamming customers, they will ignore complaints about their other spamming customers too, so it makes sense for me to list their entire network, as a preventative measure.
  9. I will not accept any promises by an Internet provider to segregate their spamming customers separately from their non-spamming customers. In my opinion, a spam-tolerant Internet provider is not to be trusted on any matter.


This is how I look at requests to unblock IP addresses from sending me mail:

  1. If an Internet provider is asking, all of their spamming customers must be shut down first.
  2. I must have an explanation as to why the previous complaints have been ignored.
  3. I must have an explanation as to what exactly has been put in place to make sure that any future complaints will be promptly addressed.
  4. If an Internet provider is asking, they must commit to shut down their spamming customers within 24 hours of receiving clear evidence of their customers spamming.
  5. In certain cases, a different set of conditions will have to be met. Specifically, I am now listing sources of backscatter bounces. A mail server that sent me a backscatter bounce, due to a forged spam, must be fixed before it is unblocked. More information is given in the specific backscatter record. privacy policy FAQ