Domain: mail-abuse.com
Stories and comments across the archive that link to mail-abuse.com.
Comments · 14
-
Paul Vixie is an hypocrite
- 1. both sides are willing to inflict collateral damage on innocent third parties and can offer arguments as to why their cause warrants this;
- 2. each side thinks the other is evil and must be opposed and that the rule of law is neither fast enough nor effective enough to get the job done;
- 3. both sides believe that the other side must not be allowed to communicate normally with customers, suppliers, supporters, etc.
How can the man that created maps, to which all of the above applies, say these things with a straight face?.
-
IP in a DNS-based list of homes
Nothing will change just because "... on the internet!" is appended.
A person in possession of a CD can't be remotely identified to the performance rights organizations. The user of a streaming service can. Spotify already has to geolocate the IP to block people outside approved countries. It wouldn't be unimaginable for the performance rights organizations to request that Spotify look closer and count how many streams are going to home vs. business IP blocks, using something like MAPS DUL.
-
dnsbl's + other means for spam abatement to use
here's the bl's that i am using with sendmail that would go into your siteconfig.mc file -- that through trial and error -- i have found have zero false positive hit rate... n.b. that the XXX.r.mail-abuse.com (RBL) & XXX.q.mail-abuse.com (QIL) bl's require that you to have a subscription to Trend Micro Advanced Email Reputation Services at http://us.trendmicro.com/us/products/enterprise/n
e twork-reputation-services/index.html -- you can get a free trial at https://nssg.trendmicro.com/download/trial/trial-s ervices.php?id=66 --
make sure you select "Email Reputation Services, Advanced". you would then replace the "XXX" in the below with the activation code they would send you:
FEATURE(dnsbl, `XXX.r.mail-abuse.com.', `"550 Mail from " $&{client_addr} " BLOCKED/RBL; see http://www.mail-abuse.com/cgi-bin/lookup?ip_addres s=" $&{client_addr}')
FEATURE(dnsbl, `zen.spamhaus.org.', `"550 Mail from " $&{client_addr} " BLOCKED/ZEN; see http://www.spamhaus.org/query/bl?ip=" $&{client_addr}')
FEATURE(dnsbl, `bhnc.njabl.org.', `"550 Mail from " $&{client_addr} " BLOCKED/BHNC; see http://www.njabl.org/lookup?" $&{client_addr}')
FEATURE(dnsbl, `bl.spamcop.net.', `"550 Mail from " $&{client_addr} " BLOCKED/COP; see http://www.spamcop.net/w3m?action=checkblock&ip=" $&{client_addr}')
FEATURE(dnsbl, `list.dsbl.org.', `"550 Mail from " $&{client_addr} " BLOCKED/DSBL; see http://www.dsbl.org/listing?" $&{client_addr}')
FEATURE(rhsbl, `dsn.rfc-ignorant.org.',`"550 Mail from domain " $`'&{RHS} " BLOCKED/DSN; MX of domain dose not accept bounces in violation of RFC 821/2505/2821, see http://www.rfc-ignorant.org/tools/lookup.php?domai n=" $`'&{RHS}')
FEATURE(rhsbl, `bogusmx.rfc-ignorant.org.',`"550 Mail from domain " $`'&{RHS} " BLOCKED/BMX; MX of domain contains bogus address information in violation of RFC 1035/3330, see http://www.rfc-ignorant.org/tools/lookup.php?domai n=" $`'&{RHS}')
FEATURE(dnsbl, `XXX.q.mail-abuse.com.', `"450 Mail from " $&{client_addr} " BLOCKED/QIL; see http://www.mail-abuse.com/cgi-bin/lookup?ip_addres s=" $&{client_addr}')
FEATURE(dnsbl, `safe.dnsbl.sorbs.net.', `"450 Mail from " $&{client_addr} " BLOCKED/SAFE; see http://www.dnsbl.sorbs.net/lookup.shtml?" $&{client_addr}')
i also use the http://hcpnet.free.fr/milter-greylist greylisting package as well as spamassassin with some custom score tweaks available at http://iconia.com/user_prefs. all this keeps my mailbox as well as other users at a college radio station and a commercial asp with lots of public email addresses on their respective websites relatively spam free.
respectfully submitted,
geoff goodfellow -
dnsbl's + other means for spam abatement to use
here's the bl's that i am using with sendmail that would go into your siteconfig.mc file -- that through trial and error -- i have found have zero false positive hit rate... n.b. that the XXX.r.mail-abuse.com (RBL) & XXX.q.mail-abuse.com (QIL) bl's require that you to have a subscription to Trend Micro Advanced Email Reputation Services at http://us.trendmicro.com/us/products/enterprise/n
e twork-reputation-services/index.html -- you can get a free trial at https://nssg.trendmicro.com/download/trial/trial-s ervices.php?id=66 --
make sure you select "Email Reputation Services, Advanced". you would then replace the "XXX" in the below with the activation code they would send you:
FEATURE(dnsbl, `XXX.r.mail-abuse.com.', `"550 Mail from " $&{client_addr} " BLOCKED/RBL; see http://www.mail-abuse.com/cgi-bin/lookup?ip_addres s=" $&{client_addr}')
FEATURE(dnsbl, `zen.spamhaus.org.', `"550 Mail from " $&{client_addr} " BLOCKED/ZEN; see http://www.spamhaus.org/query/bl?ip=" $&{client_addr}')
FEATURE(dnsbl, `bhnc.njabl.org.', `"550 Mail from " $&{client_addr} " BLOCKED/BHNC; see http://www.njabl.org/lookup?" $&{client_addr}')
FEATURE(dnsbl, `bl.spamcop.net.', `"550 Mail from " $&{client_addr} " BLOCKED/COP; see http://www.spamcop.net/w3m?action=checkblock&ip=" $&{client_addr}')
FEATURE(dnsbl, `list.dsbl.org.', `"550 Mail from " $&{client_addr} " BLOCKED/DSBL; see http://www.dsbl.org/listing?" $&{client_addr}')
FEATURE(rhsbl, `dsn.rfc-ignorant.org.',`"550 Mail from domain " $`'&{RHS} " BLOCKED/DSN; MX of domain dose not accept bounces in violation of RFC 821/2505/2821, see http://www.rfc-ignorant.org/tools/lookup.php?domai n=" $`'&{RHS}')
FEATURE(rhsbl, `bogusmx.rfc-ignorant.org.',`"550 Mail from domain " $`'&{RHS} " BLOCKED/BMX; MX of domain contains bogus address information in violation of RFC 1035/3330, see http://www.rfc-ignorant.org/tools/lookup.php?domai n=" $`'&{RHS}')
FEATURE(dnsbl, `XXX.q.mail-abuse.com.', `"450 Mail from " $&{client_addr} " BLOCKED/QIL; see http://www.mail-abuse.com/cgi-bin/lookup?ip_addres s=" $&{client_addr}')
FEATURE(dnsbl, `safe.dnsbl.sorbs.net.', `"450 Mail from " $&{client_addr} " BLOCKED/SAFE; see http://www.dnsbl.sorbs.net/lookup.shtml?" $&{client_addr}')
i also use the http://hcpnet.free.fr/milter-greylist greylisting package as well as spamassassin with some custom score tweaks available at http://iconia.com/user_prefs. all this keeps my mailbox as well as other users at a college radio station and a commercial asp with lots of public email addresses on their respective websites relatively spam free.
respectfully submitted,
geoff goodfellow -
Re:One Point For Gmail
A warning about gmail: I like it, but it constantly finds itself blacklisted by a number of spam control services, such as http://www.mail-abuse.com/ [mail-abuse.com]. As a result, I cannot use gmail to send to co-workers, because my company's IT dept. uses the above service. The gmail team either does not care that many organizations simply will not receive mail sent via gmail, or are unable to prevent gmail from being repeatedly blacklisted. Messages to the gmail support team about this issue appear to fall into a black hole. This is curious to me, since even hotmail was able to figure out how to keep from being constantly blacklisted.
-
Gmail is constantly blacklisted
A warning about gmail: I like it, but it constantly finds itself blacklisted by a number of spam control services, such as http://www.mail-abuse.com/. As a result, I cannot use gmail to send to co-workers, because my company's IT dept. uses the above service. The gmail team either does not care that many organizations simply will not receive mail sent via gmail, or are unable to prevent gmail from being repeatedly blacklisted. Messages to the gmail support team about this issue appear to fall into a black hole. This is curious to me, since even hotmail was able to figure out how to keep from being constantly blacklisted.
-
Re:Sounds like a lawsuit waiting to happen...
if you see the flash tutorial about how it works, they first send warning messages about the spam being sent and only when there is no response from them, such a step is taken.
And MAPS, which claims a similar notification policiy has been sued how many times for blacklisting spammers? -
Who still uses the MAPS RBL?
I quit using MAPS years ago because it was no longer effective, especially for business use. Their solution to one spam from a customer of a large ISP is to block the whole ISP or, if you were lucky, just the whole contiguous IP space that one spam came from. Still, this meant something like a quarter of the Fourtune 500 had mail servers being blocked, which is unacceptable for a business-to-business email server. Worse, it rarely blocked much spam.
In fact, I just searched the MAPS RBL for the last ten spams rejected by my mail server and only two of the hosts were listed in the MAPS RBL. -
Re:a plea for more letters, fewer acronymsMAPS Mail Abuse Prevention Systems
Now purchased by Kelkea, see www.mail-abuse.com.
RBL Realtime Blackhole ListA service mark of MAPS, originally a blackhole for all traffic (technically a BGP feed, used to null-route, if I remember correctly).
Later also published through DNS (to see if 10.11.12.13 is listed, one would lookup 13.12.11.10.blackholes.mail-abuse.org) and RBL started to be used for the DNS zone blackholes.mail-abuse.org.
Even later all DNS zones which can be used to block (or allow) traffic became known as RBLs; since it is a service mark, using DNSBL (Domain Name System Block/Black List) might be more correct.
-
Re:a plea for more letters, fewer acronyms
RBL:
http://www.webopedia.com/TERM/R/RBL.html
MAPS:
http://www.mail-abuse.com/
And, last but not least:
http://justfuckinggoogleit.com/ -
Brightmail works greatI work for an ISP, and we've been using Brightmail since before version 1. We use the MAPS DNS blocklists as a "front-line" defense and then Brightmail for spam and virus filtering. You can see our email statistics here.
I wrote the original sendmail milter interface to Brightmail that they derived their milter software from. We still run my milter because I've added additional options over time; Brightmail includes an SDK that you can use to interface to custom setups easily.
-
Re:It's pretty simplebut why do I need to do that much extra work when the existnig DNSBL stuff works and could be used in nearly every MTA as is without doing any extra code
First of all SPF targets an entirely different problem inherent to spam than DNSBL's do. SPF specifically targets forged "From" addresses. DNSBL's target the originating IP of the e-mail. You can't target one type of spam using the other method.
Second, even support for DNSBL's didn't exist in the vast majority of MTA's until spam became a problem and the first DNSBL's like MAPS came along. If SPF becomes more and more widespread in its use then I'm sure you'll start seeing support for it getting rolled direclty into MTA's rather than having to use add-on's.
-
Re:here you go:
-
Re:Replacement needed for SMTP
The big thing is that email is one of the "killer apps" of the Internet. Any anti-Spam solution has to be universal. I do not see micropayments for email ever being universal. This would mean that every single ISP across the globe would have to go to it to truly work.
Why does it have to be universal? And why does every single ISP have to do it?
Let's look at existing anti-SPAM measures, like MAPS and RFC-Ignorant. As such businesses like to point out, they are not a filter or censor - they are merely a list which individuals and groups may choose to use to filter their email. The same is even more true at the MUA level, where individuals may or may not use or implement filtering (such as SpamAssassin Pro)
Also, the need for it is not universal, so why need the solution be? How much is your time worth? Would it be worth it to you to charge - and be charged - a miniscule amount to have a reasonably clear email stream? How about your mother? How about the CEO of your company? Different people have different thresholds of need, and different willingness to pay and/or inconvenience their correspondents.
Systems already exist which automate the process of kicking unknown sender's mail back with instructions on how to overcome the block - again, it's something individuals choose to use today, without killing the "universal" nature of email.
And you do not get to the real question: How is micropayments for email not a step backwards.
It is a given that the problem with SPAM is that it costs the sender nothing, and there is no market restraint upon it. Therefore, I took it as a given that some form of cost is involved in the solution. You take that as a backwards step. I don't neccessarily agree - but I retain the right not to send people email if I don't feel they are worth dropping
.001 cents on.Not everything that is free is good, and not everything which costs is bad.
(You also decided not to touch upon the issue that a lot of people have problems with PayPal, the example you decided to use - these types of problems are always going to arise when it comes to a universal system involving people's money)
Of course not - because such problems are not unique to the Internet or Micropayments, but have existed since Ogg first required Mog to exchange clam shells for food. It is a given that such a system will either be regulated or not, and will either be trustworthy or not. It is also a given that even with the best controls, someone somewhere will get scalped someday, because humans suck.