Domain: declude.com
Stories and comments across the archive that link to declude.com.
Comments · 10
-
Re:Someone is full of himself
been hiding under a rock much?
http://en.wikipedia.org/wiki/The_Abusive_Hosts_Blocking_List, considering his own name is HARDLY spattered over the internet as a karma whore / full of himself - I would be much more likely to to believe him than some trolling A/C that has what, committed translations from English UK to English US? Of course that is on the assumption that the poster is who he says he is but if you did actually google rather than being arrogant and full of yourself - then you would find that the guy has indeed been rather involved in anti spam lawsuits etc.
http://www.declude.com/Articles.asp?ID=262
OR
"My name is Andrew D Kirch, I'm one of the founders of the AHBL, and served in that capacity until 2008. I've been harassed, extorted, sued, and defamed by a Mr. Richard Morton Scoville, a resident of San Antonio, Texas for a period of 7 years. During that time I have suffered nearly irreparable damage to my character, and public reputation. I've been questioned by police, and my customers, and I have incurred over $10,000 in legal costs defending myself in court against this person."So, AC - is your code contributions worth $10k to you?
OR
http://www.ahbl.org/legal/scoville/courtdocsLet me just make another assumption here, You are American and don't know who "Tim" Berners-Lee is either? I actually couldn't care less if you do or don't know who he is - but my point being is you wouldn't do the extra effort to look it up.
not posted anon, because I've not been a pussy since 1994.
-
Re:Omnipotent awareness... or notThis is a large list of the different blacklists available with a short blurb about how they operate, if they are free or fee based, and a link to each site. http://shopping.declude.com/Articles.asp?ID=97 182 working spam databases listed. 254 total spam databases listed. About 681 represented, including country databases. List of All Known DNS-based Spam Databases. The most common way of detecting spam is by using spam databases (blacklists, sometimes incorrectly referred to as RBLs, since RBL is trademarked by MAPS) that list the addresses of mail servers known (or believed) to send spam.
-
RBL advice
Certainly. The answer, unfortunately of course, is "it depends". It depends on what your own tolerance of false-positives is, and what your current level and nature of spam is (where "you" also includes the users of your system - there's a world of difference between an ISP with tens of thousands of paying customers, a small organisation with a hundred employees, and a personal family/friends server).
My best advice is to carefully examine the policies of the RBLs, and revisit that examination on a regular basis. Look at whether the process by which IPs are added to a list is automatic, or human-moderated. Are they using spamtraps? Do they allow just anybody to submit addresses for listing? Is the listing process openly specified, or a black box? What is the procedure for de-listing an address? Google around for others' experiences using the list. This Declude page is a useful starting point (I have no relation to Declude).
Currently, I see the least collateral damage with the Spamhaus lists. My top recommendation would be the sbl-xbl.spamhaus.org list, a composite list consisting of known spammers plus a pretty good list of compromised/trojanned systems.
On one extreme, SPEWS is hardcore - I would never recommend them to anyone who isn't very well aware of the implications of what they are doing. On the other end of the scale, open relay lists like relays.ordb.org and the like are very benign, but less useful, since there hardly are any more open relays these days. I used to really like Spamcop's lists, but I lost faith in them a couple of years ago when I experienced some inexcusable cock-ups. More recently, Spamcop changed listing policy and started listing systems that were sending "mis-directed bounces", which I personally find misguided (long story, see this discussion for a start). Also be careful about "multi-stage" or "multi-hop" lists. These can often end up listing major ISP servers, simply because one of their clients relayed a spam that way, typically caused by a trojan-type infection.
I've also had trustworthy results with cbl.abuseat.org, and in a typical configuration I often also use relays.ordb.org (open relays) and list.dsbl.org.
-
Re:yet another waste of time
1. Spammers make money by using a disproportionate amount of bandwidth than what they pay for. Stopping spam from entering peoples' inboxes is less than half the problem. 70% or more of all SMTP traffic is UCE and everyone pays for that in higher costs and slower performance regardless of whether they have spam filters in place.
Bandwidth is a problem, but it's the least of our problems.
Typical spam is under 10K.
Cost to send 10K is under $0.0001 - and the cost is falling.
Compare that with the amount of time you spend deleting spam - about 1 second.
Even a $1/hour, it costs a lot more to for a human to look at and delete spam than for the computer to receive it.
Spam read by the human is closer to 90% of the problem.
2. The majority of the anti-spam solutions (with the exception of RBLs) including the one related to this article, require extra time, bandwidth and resources on the part of innocent networks to deal with the spam problem. This is a step backwards.
Once again, bandwidth is not the only cost, nor is it the major cost.
However, there is a large human-time cost for any spam solution, including RBLs.
RBLs aren't a fire-and-forget solution.
If you want to stop spammers you have to stop them from stealing bandwidth. To date, the ONLY effective solution thus far has been relay blacklisting. This has several added benefits including: stopping propagating of worms/viruses, and forcing ISPs to police the illegal activities of their users and shut down nodes which are spamming through their network.
RBLs are not the only effective method.
Greylisting for example, reduces bandwidth costs, and blocks 85-95% of all spam.
In fact, greylisting has fewer false positives and fewer false negatives than any RBL I've ever tested.
Which includes almost every RBL mentioned at http://www.declude.com/Articles.asp?ID=97
And I'll point out that the system described in the fine article can reduce bandwidth too.
70% of all senders would be rejected before the data stage, a very small challenge sent, and better than 99% would never be heard from again.
So instead of receiving a 5K spam, you send a 1K message - a net reduction.
As an ISP, I have no interest in yet another costly anti-spam solution that I have to install that doesn't address the larger issue of the tons of bandwidth spammers waste on my network and every one in between. This system wastes even more resources by attempting to verify the source of every e-mail in an even more detailed manner than before, so the end result is: more computing resources needed, more bandwidth needed and slower mail service.
No thanks.
I encourage my competitors to agree with you.
-- Should you belive authority without question? -
Re:They're annoying
So don't use the extremist ones like SPEWS. There are plenty of other DNSBLs to choose from.
-
Just like SPEWS and some others?But isn't this the same kind of "policy" that some aggressive anti-spam lists have? Some that come to mind are:
spews.org
(and indirectly osirusoft.com)
selwerd.cx
blars.org
bl.reynolds.net.auPersonally I choose to use block lists that have clear open operating policies, including clear adding and removal methods. A small sample include:
spamcop.net
ordb.org
proxies.relays.monkeys.org
opm.blitzed.orgThis is certainly not a comprehensive list, but it is a good start. A good comprehensive list is at: http://www.declude.com/JunkMail/Support/ip4r.htm
And most importantly, READ THE POLICIES OF THE BL *BEFORE* USING IT. The last thing you want is to start using a BL, only to find most of Asia, or big ISPs, are among the ones blocked, and you're losing legitimate email.
-
Re:Blocking Spam
Other have already found those IPs for you: http://www.declude.com/JunkMail/Support/ip4r.htm.
-
Re:Not difficult, folks
Good man, you use exim! There are some other DNSBL lists that you might want to lookin to. They are listed here. BTW, what kind of false positive (legil mail getting dropped) rate do you get?
-
Re:Good for ISPs?
Try using procmail in conjunction with one (or more) these DNSBL services. Be warned that some of the DNSBL services are more 'aggressive' than others.
-
MAPS press release
Since the article body only referenced the Experian press release, I thought a few people might be interested in the press release from the other side. It reads a little differently, but the gist appears to be the same; opt-in is not required.
That being said, since they went commercial, their value to the community as a whole has been significantly lower. I would recommend people use alternative listings at this point.