The Spam Prevention Early Warning System (SPEWS) was an anonymous service which maintained a list of IP address ranges belonging to Internet service providers (ISPs) which host spammers and show little action to prevent their abuse of other networks‘ resources. It could be used by Internet sites as an additional source of information about the senders of unsolicited bulk email, better known as spam.
SPEWS is no longer active. A successor, the Anonymous Postmaster Early Warning System(APEWS), appeared in January 2007.
SPEWS itself published a large text file containing its listings, and operated a database where web users could query the reasons for a listing. Users of SPEWS could access these data via DNS for use by software for DNSBLanti-spam techniques.
For instance, many mail sites used the SPEWS data provided at spews.relays.osirusoft.com. All DNSBLs hosted by Osirusoft were shut down on August 27, 2003 after several weeks of denial of service attacks. A number of other mirrors existed based on the SPEWS data, which remained accessible to the public. SORBS, for example, provided a mirror of SPEWS data until early 2007.
There was a certain degree of controversy regarding SPEWS’ anonymity and its methods. By remaining anonymous, the SPEWS admins presumably wanted to avoid harassment and lawsuits of the sort which have hampered other anti-spam services such as the MAPS RBL and ORBS.
Some ISP clients whose providers were listed on SPEWS took umbrage that their own IP addresses were associated with spamming, and that their mail might be blocked by users of the SPEWS data; often they did not understand that it was their provider that was listed. Sometimes, the only solution was to leave the blacklisted provider, as SPEWS was not willing to cut holes in a listing for a clean user in an otherwise dirty IP block. There was no way for either the customer or the provider to contact SPEWS, and SPEWS claimed that the listings would be removed only when the associated abuse stopped.
The SPEWS database has not been updated since August 24, 2006; dnsbl.com lists its status as dead. Since SPEWS became inactive, the Anonymous Postmaster Early Warning System (APEWS) has taken its place, using similar listing criteria and a nearly identical web page.
The precise process by which SPEWS gathered data about spam sources is unknown to the public, and it is likely that its operators used multiple techniques.
SPEWS seemed to collect some information from honeypots—mail servers or single email addresses to which no legitimate mail is received. These may be dummy addresses which have never sent any email (and therefore could not have requested to be subscribed to any legitimate mailing list). They may also be placed as bait in the header of a Usenet post or on a Web page, where a spammer might discover them and choose to spam them.
The SPEWS Website made it clear that when spam was received, the operators filed a complaint with the ISP or other site responsible for the spam source. Only if the spam continued after this complaint was the source listed. However, SPEWS was anonymous—when these complaints were sent, they were not marked as being from SPEWS, and the site was not told that ignoring the complaint would result in a listing. This had the effect of determining the ISP’s response to a normal user’s spam complaint, and also discouraged listwashing—continuing to spam, but with the complaining address removed from the target list.
If the spam did not stop over time, SPEWS increased the size of the address range listed through a process referred to as “escalation”. This process was repeated, conceivably until the entire netblock owned by the offending service provider was listed or the block was large enough that the service provider is encouraged to take action by the complaints of its paying customers.