ANTI-SPEWS.ORG INFORMATION


If you are a network operator that's been zonked by the spineless anonymous cowards at SPEWS, you might consider a bit of null routing. The more networks choose to null route SPEWS and its associated systems and netblocks, the harder it will be for SPEWS to continue doing what it does.

Note that the people that run this site are strongly against unsolicited commercial or bulk email of any kind, but we feel that the SPEWS folks are going about this in a highly unprofessional and irresponsible manner. Unfortunately, by choosing to remain anonymous and by acting in what appears to be an arbitrary manner based in some cases on personal vendettas, SPEWS leaves innocent network operators with little to no other choice in terms of fighting back.

Null routing is a pretty big deal, as it basically blackholes sections of the Internet without any kind of feedback to end users as to why they cannot reach certain servers/sites. Before taking this step, think about its consequences for your network and/or your customers.

If null routing is the path you choose, the following information will likely be helpful.

SPEWS Server

Several of the methods for using SPEWS data to block email involve the transfer of data from the server(s) designated at www.spews.org. You'll need to null route these:

SPEWS DNS Servers

SPEWS makes use of a very large number of nameservers. Why? Probably to make it more difficult for anyone to take any real action against SPEWS. No matter. Here are the netblocks you need to know about in order to null route the current crop of nameservers handling the spews.org domain. Of special note are the osirusoft.com hosts. If you null route them, you are likely going to break at least a couple of DNSBLs, meaning they won't work from your network.

Osirusoft

As of June 2002, it appears that relays.osirusoft.com is the only DNSBL system making use of SPEWS data. So, you'll have to null route it, which would be done as part of the DNS server null routing (see above).

Null Routing Syntax

Cisco, Foundry BigIron:

ip route 203.52.209.0 255.255.255.0 null0
ip route 216.220.40.0 255.255.255.0 null0
ip route 216.102.236.42 255.255.255.255 null0
ip route 216.102.236.44 255.255.255.255 null0
ip route 64.170.254.0 255.255.255.0 null0
ip route 193.115.218.0 255.255.255.0 null0
ip route 64.39.29.0 255.255.255.0 null0
ip route 212.100.224.0 255.255.255.0 null0
ip route 199.107.162.0 255.255.255.0 null0
ip route 210.185.31.0 255.255.255.0 null0

Juniper

set routing-options static route 203.52.209.0/24 reject install
set routing-options static route 216.220.40.0/24 reject install
set routing-options static route 216.102.236.42/32 reject install
set routing-options static route 216.102.236.44/32 reject install
set routing-options static route 64.170.254.0/24 reject install
set routing-options static route 193.115.218.0/24 reject install
set routing-options static route 64.39.29.0/24 reject install
set routing-options static route 212.100.224.0/24 reject install
set routing-options static route 199.107.162.0/24 reject install
set routing-options static route 210.185.31.0/24 reject install
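
Because the same prefix list has to be typed twice in two vendor syntaxes, a single mistyped octet blackholes the wrong network on one platform. The following Python check is an added example, not something published by this site: it parses both forms, normalizes them to CIDR, and reports prefixes that appear on only one platform or that have host bits set. The function names are hypothetical and the sample routes are constructed from private (RFC 1918) addresses.

```python
import ipaddress
import re

# Cisco/Foundry form: ip route <network> <dotted mask> null0
CISCO_RE = re.compile(r"^ip route (\S+) (\S+) null0$", re.IGNORECASE)
# Junos form: set routing-options static route <prefix>/<len> reject|discard [install]
JUNOS_RE = re.compile(
    r"^set routing-options static route (\S+) (?:reject|discard)(?: install)?$")

def parse_null_routes(config):
    """Return (set of networks, list of error strings) for one config text."""
    nets, errors = set(), []
    entries = filter(None, map(str.strip, config.splitlines()))
    for n, line in enumerate(entries, 1):
        m = CISCO_RE.match(line) or JUNOS_RE.match(line)
        if not m:
            errors.append(f"entry {n}: not a null route: {line}")
            continue
        # Cisco yields "net/dotted-mask", Junos yields "net/len"; both parse.
        spec = "/".join(m.groups())
        try:
            # strict=True rejects a prefix whose host bits are set
            nets.add(ipaddress.ip_network(spec, strict=True))
        except ValueError as exc:
            errors.append(f"entry {n}: {exc}")
    return nets, errors

def compare(cisco_cfg, junos_cfg):
    """Report prefixes present on only one platform, plus parse errors."""
    c, c_err = parse_null_routes(cisco_cfg)
    j, j_err = parse_null_routes(junos_cfg)
    return {"cisco_only": [str(n) for n in sorted(c - j)],
            "junos_only": [str(n) for n in sorted(j - c)],
            "errors": c_err + j_err}

# Constructed sample input; the last Junos line has two octets transposed.
CISCO = """
ip route 10.1.1.0 255.255.255.0 null0
ip route 10.2.2.42 255.255.255.255 null0
ip route 10.20.30.0 255.255.255.0 null0
"""
JUNOS = """
set routing-options static route 10.1.1.0/24 reject install
set routing-options static route 10.2.2.42/32 reject install
set routing-options static route 10.30.20.0/24 reject install
"""

if __name__ == "__main__":
    print(compare(CISCO, JUNOS))
```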

As more helpful information becomes available, we'll post it here.




Counter: 1 pissed off sysadmins since June 20, 2002