Note that the people that run this site are strongly against unsolicited commercial or bulk email of any kind, but we feel that the SPEWS folks are going about this in a highly unprofessional and irresponsible manner. Unfortunately, by choosing to remain anonymous and by acting in what appears to be an arbitrary manner based in some cases on personal vendettas, SPEWS leaves innocent network operators with little to no other choice in terms of fighting back.
Null routing is a pretty big deal, as it basically blackholes sections of the Internet without any kind of feedback to end users as to why they cannot reach certain servers/sites. Before taking this step, think about its consequenses for your network and/or your customers.
If null routing is the path you choose, the following information will likely be helpful.
Several of the methods for using SPEWS data to block email involve the transfer of data from the server(s) designated at www.spews.org. You'll need to null route these:
SPEWS DNS Servers
SPEWS makes use of a very large number of nameservers. Why? Probably to make it more difficult for anyone to take any real action against SPEWS. No matter. Here are the netblocks you need to know about in order to null route the current crop of nameservers handling the spews.org domain. Of special note are the osirusoft.com hosts. If you null route them, you are likely going to break at least a couple of DNSBLs, meaning they won't work from your network.
As of June 2002, it appears that relays.osirusoft.com is the only DNSBL system making use of SPEWS data. So, you'll have to null route it, which would be done as part of the DNS server null routing (see above).
Null Routing Syntax
Cisco, Foundry BigIron:
ip route 18.104.22.168 255.255.255.0 null0 ip route 22.214.171.124 255.255.255.0 null0 ip route 126.96.36.199 255.255.255.255 null0 ip route 188.8.131.52 255.255.255.255 null0 ip route 184.108.40.206 255.255.255.0 null0 ip route 220.127.116.11 255.255.255.0 null0 ip route 18.104.22.168 255.255.255.0 null0 ip route 22.214.171.124 255.255.255.0 null0 ip route 126.96.36.199 255.255.255.0 null0 ip route 188.8.131.52 255.255.255.0 null0
set routing-options static route 184.108.40.206/24 reject install set routing-options static route 220.127.116.11/24 reject install set routing-options static route 18.104.22.168/32 reject install set routing-options static route 22.214.171.124/32 reject install set routing-options static route 126.96.36.199/24 reject install set routing-options static route 188.8.131.52/24 reject install set routing-options static route 184.108.40.206/24 reject install set routing-options static route 220.127.116.11/24 reject install set routing-options static route 18.104.22.168/24 reject install set routing-options static route 22.214.171.124/24 reject install
As more helpful information becomes available, we'll post it here.
pissed off sysadmins since June 20, 2002