possible spam compromise - advice please

Roger Dingledine arma at mit.edu
Fri Feb 18 13:57:09 UTC 2011


On Fri, Feb 18, 2011 at 01:27:07PM +0000, mick wrote:
> Firstly, my apologies if this list is inappropriate for this question.
> If it should be aimed elsewhere, please let me know.

No, this list is a great choice.

> I currently run two exit nodes at toroftheworld.aibohphobia.org and
> toroftheworld2.aibohphobia.org. I have just been contacted by the
> provider of one of these nodes to say that they have received a
> complaint from spamcop that my IP address has been responsible for
> sending bulk email (spam). I can't yet see any evidence on my box of
> this, but I thought I'd check here before saying categorically that tor
> usage cannot be responsible.
> 
> ExitPolicy accept *:80
> ExitPolicy accept *:443
> ExitPolicy reject *:*

See e.g. the last bullet point at
https://www.torproject.org/docs/faq-abuse.html.en#TypicalAbuses

A lot of spam blacklists don't actually work by receiving spam mail via
smtp. Instead they look for a wide variety of activity that they think
is related to a compromised computer, and then assume that computer will
soon be sending spam mail as well. Unfortunately, that approach makes
the wrong decision for Tor exit relays.

You might ask your provider for a copy of the complaint, to get more
hints? Maybe somebody is scribbling on some web forum through your relay,
and spamcop is jumping to conclusions. I would avoid "saying categorically
that tor usage cannot be responsible" -- first you should try to figure
out what the complaint (and evidence) actually is, and then you can help
your ISP understand what's going on.

Also check out http://paulgraham.com/spamhausblacklist.html if you
want to get more angry at the overall approach of spam blacklists --
pretty much all of them follow this pattern. :( Their tactics can get
pretty ugly. One of the future steps in the arms race could even be
listing your neighbors as spammers, even if they're perfectly innocent,
to force the neighbors to force you to stop your behavior.

Hope that helps,
--Roger
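
The exit policy quoted in the message, checked port by port, as an added example that is not part of the original e-mail or of Tor's own code: it applies the ExitPolicy rules in order (first match wins) to the usual mail ports, which gives an operator something concrete to show the ISP. It looks only at the port part of each rule (every address pattern is assumed to match), and the function names are made up for this example.

```python
# Added example: first-match evaluation of torrc ExitPolicy lines, by port only.
# Assumption: address patterns are ignored and treated as matching any address.

MAIL_PORTS = {25: "smtp", 465: "smtps", 587: "submission"}

# The three policy lines quoted in the message above.
POLICY = """\
ExitPolicy accept *:80
ExitPolicy accept *:443
ExitPolicy reject *:*
"""

def parse_policy(text):
    """Return [(action, low_port, high_port), ...] in the order written."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split(None, 1)
        if len(fields) != 2 or fields[0].lower() != "exitpolicy":
            continue
        # One ExitPolicy line may carry several comma-separated rules.
        for entry in fields[1].split(","):
            action, pattern = entry.split()
            if action not in ("accept", "reject"):
                raise ValueError("unsupported action: " + action)
            _addr, sep, port = pattern.rpartition(":")
            if not sep or pattern.endswith("]"):
                port = "*"  # no port given: the rule covers every port
            if port == "*":
                low, high = 1, 65535
            else:
                low, _, high = port.partition("-")
                low, high = int(low), int(high or low)
            rules.append((action, low, high))
    return rules

def decision(rules, port):
    """First matching rule wins; None means no listed rule covers the port."""
    for action, low, high in rules:
        if low <= port <= high:
            return action
    return None

def reachable_mail_ports(text):
    """Mail ports that the given policy text lets exit traffic reach."""
    rules = parse_policy(text)
    return sorted(p for p in MAIL_PORTS if decision(rules, p) == "accept")

if __name__ == "__main__":
    for port in sorted(list(MAIL_PORTS) + [80, 443]):
        print(port, decision(parse_policy(POLICY), port))
```

A `None` result means the listed rules never matched, in which case Tor's built-in default exit policy decides, so a policy that should be exhaustive needs a final `reject *:*` as in the quoted one.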


