Acronym: The Spam Prevention Early-Warning System.

In the late 1990s the proliferation of spam became epidemic. People found themselves unable to use their inboxes. Realtime blocklists were tried (such as MAPS), but were largely unsuccessful, partly because they had to go through a series of warnings and checks before they would list a spammer, by which time he may have sent millions of UBE around the world.

What was needed was a system that would list known spammers before they sent spam, and block new spammers in seconds.

Against this background SPEWS came about. First conceived in May 2000 and entering public beta in July 2001, SPEWS is a realtime blocklist that publishes IP ranges of spammers. Using email filters such as procmail, it's possible to filter out any mail originating from addresses on the SPEWS list.

But SPEWS goes much further. The problem is not just the spammers themselves, but also the spamhausen that help them spam, and the bigger ISPs who allow them connectivity and freedom to ignore their AUPs.

If an ISP fails to act on spam, SPEWS will list parts of their internet presence; they have listed Class C networks and bigger. This has an impact on a lot of innocent people, and a small ISP downstream of a bigger, spam-friendly ISP may find itself totally blackholed for the actions of another small ISP which is spam-friendly. But this is what SPEWS wants. The complaints of all these customers should make the big ISP sit up and notice, and nuke its spammers. This is what the anti-spam community calls "collateral damage".

A quick note: SPEWS is therefore not an open relay blocklist, nor a list of spammers, but rather a list of netblocks designed to both block spam and force the spammers off mainstream networks.

SPEWS is anonymous and uncontactable. Nobody knows how they build their lists. Though it's implied that the system is largely automated, there is some evidence that the maintainers - and there must be a few - do a lot of manual work too. The evidence files against each blocklisting are drawn from public sources.

If you want to speak to SPEWS, you can't; no phone, no email (not even an MX record on spews.org), and an address in Irkutsk, Russia. All inquiries are directed to news.admin.net-abuse.email or news.admin.net-abuse.blocklisting on Usenet, where politeness is everything. The locals don't take too kindly to the request:

Remove the following netblocks from SPEWS: xxx.xxx.xxx.xxx/24

etc. Try it, and watch the flames start coming in.

It's assumed that the SPEWS admins monitor nanae heavily. Certainly when an ISP really does boot their spammers, their listing can disappear in hours; I've seen it happen. However, a number of ISPs complain about out-of-date SPEWS listings.

People in nanae often threaten to sue SPEWS for listing them. They never do, for good reasons:

  • SPEWS only publishes a list; other people have to use it to block anything. It'd make more sense to try and sue the company actually doing the blocking.
  • SPEWS listing constitutes an opinion, protected by the USA's First Amendment.
  • There is no legal right to be able to send email.
  • Anyone can reject email or any connection for any reason they want, or no reason at all.
  • It's hard to sue an anonymous, secret, unregistered organisation with no assets.
  • The people threatening to sue are spammers, and spammers always lie.

SPEWS has 2 levels of listing. Level 1 is what most people block at; it at first targets individual IPs or infested /24s, but expands if nothing is done about the spammers. Level 2 listings are 'wait and see' status. It's possible to block at Level 2, but not recommended as it can cause too much collateral damage. There's also a Level 0 for former blocks that have been removed. It's impossible to block at Level 0.

Of course, these blocklists are only effective if they are widely used. SPEWS listings tend to upset people, so the SPEWS list must be fairly widely used, mainly by medium and large corporations, and quangos probably. One estimate is that about 1/3 of the Internet uses the SPEWS blocklist, though I'm not sure how they measure this one.

The blocklist is distributed by Relays.Osirusoft.com, and myrealbox.com provides a free SPEWS-protected email/webmail service.

See also www.spews.org.