[Volunteers] list violation: "ShmooCon 2006" announcement

Ian Kluft ikluft at thunder.sbay.org
Sun Sep 11 13:11:30 PDT 2005

On Sun, Sep 11, 2005 at 11:35:39AM -0700, Chris Verges wrote:
> Can we do any kind of reverse-domain verification in sendmail on the 
> svlug mail servers?  Or some kind of anti-spam checking procedures?

I don't think any of us were checking for IP addresses owned by the
Canopy Group.  Usually that kind of filtering is done with online
blocking lists where actual spam sources have been identified.
The nosneros.net/tuplemovers.net e-mail server isn't on those lists.
A blocking like that can still be done manually if we choose to.

As the for sender of the spam, I think he's probably just naive about
some of the things that we're noticing with alarm.  He subscribed to the
SVLUG list a year ago and sent a few messages to the list.  The last we
had heard from him was Nov 2004.  He has authored some security-related
scripts which he has posted source on his personal web site.  He asked
about PGP key-signings when he wrote to the SVLUG list before.  A bio on
a web article he wrote says he used to be employed in Utah.  He may have
gotten mixed up with Canopy before they participated with SCO in the
attacks on the Open Source community.

Considering that he has posted source code he wrote, I'm inclined to think
he may just be in denial about Canopy's bad reputation and hasn't cut ties
with them yet.  But the fact remains that his e-mail and web servers are
located on Canopy's network and explicitly lists their nameservers in his
domain registrations.  Until he fixes that, I'd hold it against him.

Having identified e-mails coming from Canopy Group's network, I'm inclined
to have SVLUG and sbay.org discuss whether we want to block them entirely.
Saying, "now that you've been brought to our attention, you aren't welcome."

More information about the volunteers mailing list