Domain: sorbs.net
Stories and comments across the archive that link to sorbs.net.
Comments · 36
-
Re:SpamAssassin
Or SORBS who demand $50 to get off the list. That's a royal pain in the arse.
-
0 spam
I literally get 0 spam in my inbox. The only spam I ever get is from businesses that I have a "relationship" with (i.e., created an account on their site, said no thanks to junk, but got it anyway). Easy enough to block them since each site gets their own alias.jan-1-2007@mydomain.com that I can filter later on and never bother to "unsubscribe."
I use sendmail with greylisting as my frontline defense, then dul.dnsbl.sorbs.net, sbl-xbl.spamhaus.org, list.dsbl.org, and lastly bl.spamcop.net. Thunderbird is great at picking up all the stupid "business relationship" junk based on the server's spamassassin markings (but I don't have spamassassin dropping anything, just marking it up), but mostly just gets in the way of me permanently rejecting their mail (just a few a month ever come in).
I found many of the sendmail configuration lines from http://www.sdsc.edu/~jeff/spam/Sendmail.html if you'd like to give it a try.
4 days worth of spam filtering shows the following were blocked (this is just for my little list of personal domains, mind you):
# grep -c sorbs /var/log/maillog
16048
# grep -c spamhaus /var/log/maillog
13246
# grep -c dsbl.org /var/log/maillog
230
# grep -c spamcop.net /var/log/maillog
897
Combined spam blocked (each file is 7 days worth of spam count, except the top one which is only 4 days):
# grep -cF $'sorbs\nspamhaus\ndsbl.org\nspamcop.net' /var/log/maillog*
/var/log/maillog:30486
/var/log/maillog.1:43508
/var/log/maillog.2:41687
/var/log/maillog.3:36868
/var/log/maillog.4:35687
-
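The per-list and combined counts above come from four greps over the maillog. The script below, an added example and not the commenter's own tooling, does the same counting in Python over constructed sendmail-style reject lines (RFC 5737 documentation addresses, not real listed hosts) and additionally reports which client addresses were refused most often, which is the number an operator actually wants when deciding whether a list is doing useful work.

```python
import re
from collections import Counter
from typing import Dict, Iterable

# The substrings the commenter greps for. A line is counted once for every
# name it contains, exactly like running `grep -c <name>` once per list.
DNSBL_NAMES = ("sorbs", "spamhaus", "dsbl.org", "spamcop.net")

# sendmail logs the connecting host as relay=name [ip] or relay=[ip];
# only the bracketed address is needed.
RELAY_RE = re.compile(r"relay=(?:\S+ )?\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample log, modelled on sendmail's check_relay reject lines.
SAMPLE_MAILLOG = """\
Jan  5 10:12:01 mx sendmail[4101]: l05AC1aa004101: ruleset=check_relay, arg1=[192.0.2.10], arg2=127.0.0.10, relay=[192.0.2.10], reject=550 5.7.1 Rejected: 192.0.2.10 listed at dul.dnsbl.sorbs.net
Jan  5 10:12:03 mx sendmail[4102]: l05AC3aa004102: ruleset=check_relay, arg1=[198.51.100.7], arg2=127.0.0.2, relay=[198.51.100.7], reject=550 5.7.1 Rejected: 198.51.100.7 listed at sbl-xbl.spamhaus.org
Jan  5 10:12:05 mx sendmail[4103]: l05AC5aa004103: from=<alice@example.org>, size=2048, class=0, nrcpts=1, relay=mail.example.org [203.0.113.5]
Jan  5 10:12:09 mx sendmail[4104]: l05AC9aa004104: ruleset=check_relay, arg1=[192.0.2.77], arg2=127.0.0.4, relay=[192.0.2.77], reject=550 5.7.1 Rejected: 192.0.2.77 listed at list.dsbl.org
Jan  5 10:12:11 mx sendmail[4105]: l05ACBaa004105: ruleset=check_relay, arg1=[192.0.2.10], arg2=127.0.0.2, relay=[192.0.2.10], reject=550 5.7.1 Rejected: 192.0.2.10 listed at bl.spamcop.net
Jan  5 10:12:14 mx sendmail[4106]: l05ACEaa004106: ruleset=check_relay, arg1=[198.51.100.7], arg2=127.0.0.10, relay=[198.51.100.7], reject=550 5.7.1 Rejected: 198.51.100.7 listed at dul.dnsbl.sorbs.net
Jan  5 10:12:20 mx sendmail[4107]: l05ACKaa004107: to=<bob@example.net>, delay=00:00:01, mailer=local, stat=Sent
"""


def count_by_list(lines: Iterable[str]) -> Dict[str, int]:
    """Per-list hit counts, one `grep -c <name>` per DNSBL name."""
    counts = {name: 0 for name in DNSBL_NAMES}
    for line in lines:
        for name in DNSBL_NAMES:
            if name in line:
                counts[name] += 1
    return counts


def count_any(lines: Iterable[str]) -> int:
    """Lines matching at least one name, counted once each
    (the `grep -cF` with several fixed strings in the post)."""
    return sum(1 for line in lines if any(name in line for name in DNSBL_NAMES))


def count_per_file(files: Dict[str, str]) -> Dict[str, int]:
    """Combined count per log file, like `grep -cF ... /var/log/maillog*`."""
    return {path: count_any(text.splitlines()) for path, text in files.items()}


def rejected_clients(lines: Iterable[str]) -> Dict[str, int]:
    """Client addresses that a DNSBL caused sendmail to refuse, and how often."""
    hits: Counter = Counter()
    for line in lines:
        if "reject=" not in line or not any(name in line for name in DNSBL_NAMES):
            continue
        match = RELAY_RE.search(line)
        if match:
            hits[match.group(1)] += 1
    return dict(hits)


if __name__ == "__main__":
    sample = SAMPLE_MAILLOG.splitlines()
    print(count_by_list(sample))
    print("combined:", count_any(sample))
    print(rejected_clients(sample))
```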
Re:Requiring payment for delisting
I used to work in the abuse department of an ISP which had been blacklisted by SORBS. SORBS require a "donation" to get your IP range off their list, and since we refused to hand over extortion money to these gangsters, there was no way for us to deal with them. Despite our best efforts, we also found that there was no way to get in contact with them, and as such no way to help our customers.
A fee is required only if you are listed as a spammer.
-
dnsbl's + other means for spam abatement to use
here's the bl's that i am using with sendmail that would go into your siteconfig.mc file -- that through trial and error -- i have found have zero false positive hit rate... n.b. that the XXX.r.mail-abuse.com (RBL) & XXX.q.mail-abuse.com (QIL) bl's require that you have a subscription to Trend Micro Advanced Email Reputation Services at http://us.trendmicro.com/us/products/enterprise/network-reputation-services/index.html -- you can get a free trial at https://nssg.trendmicro.com/download/trial/trial-services.php?id=66 --
make sure you select "Email Reputation Services, Advanced". you would then replace the "XXX" in the below with the activation code they would send you:
FEATURE(dnsbl, `XXX.r.mail-abuse.com.', `"550 Mail from " $&{client_addr} " BLOCKED/RBL; see http://www.mail-abuse.com/cgi-bin/lookup?ip_address=" $&{client_addr}')
FEATURE(dnsbl, `zen.spamhaus.org.', `"550 Mail from " $&{client_addr} " BLOCKED/ZEN; see http://www.spamhaus.org/query/bl?ip=" $&{client_addr}')
FEATURE(dnsbl, `bhnc.njabl.org.', `"550 Mail from " $&{client_addr} " BLOCKED/BHNC; see http://www.njabl.org/lookup?" $&{client_addr}')
FEATURE(dnsbl, `bl.spamcop.net.', `"550 Mail from " $&{client_addr} " BLOCKED/COP; see http://www.spamcop.net/w3m?action=checkblock&ip=" $&{client_addr}')
FEATURE(dnsbl, `list.dsbl.org.', `"550 Mail from " $&{client_addr} " BLOCKED/DSBL; see http://www.dsbl.org/listing?" $&{client_addr}')
FEATURE(rhsbl, `dsn.rfc-ignorant.org.',`"550 Mail from domain " $`'&{RHS} " BLOCKED/DSN; MX of domain does not accept bounces in violation of RFC 821/2505/2821, see http://www.rfc-ignorant.org/tools/lookup.php?domain=" $`'&{RHS}')
FEATURE(rhsbl, `bogusmx.rfc-ignorant.org.',`"550 Mail from domain " $`'&{RHS} " BLOCKED/BMX; MX of domain contains bogus address information in violation of RFC 1035/3330, see http://www.rfc-ignorant.org/tools/lookup.php?domain=" $`'&{RHS}')
FEATURE(dnsbl, `XXX.q.mail-abuse.com.', `"450 Mail from " $&{client_addr} " BLOCKED/QIL; see http://www.mail-abuse.com/cgi-bin/lookup?ip_address=" $&{client_addr}')
FEATURE(dnsbl, `safe.dnsbl.sorbs.net.', `"450 Mail from " $&{client_addr} " BLOCKED/SAFE; see http://www.dnsbl.sorbs.net/lookup.shtml?" $&{client_addr}')
i also use the http://hcpnet.free.fr/milter-greylist greylisting package as well as spamassassin with some custom score tweaks available at http://iconia.com/user_prefs. all this keeps my mailbox as well as other users at a college radio station and a commercial asp with lots of public email addresses on their respective websites relatively spam free.
respectfully submitted,
geoff goodfellow
-
Re:Requiring payment for delisting
Well, we do use SORBS, but not the default filter they provide (which is way too aggressive).
You may choose one more to your liking, as described here
I believe the best is to pick "safe" things like open relays, ADSL IPs and only the recently added hosts.
Yeah, I'm aware of all the horror histories on SORBS, but you know what? We maintain a public university mail server, the e-mail addresses are readily available everywhere (also, the users don't help either) AND we have a severe lack of technical personnel (working on the perfect spam blocking system is not an option). And we're constantly being flooded with spam and attacks.
So, yeah, in our case SORBS is the lesser evil.
-
Re:Neuter the zombies
We already know where the zombies are. Hard working volunteers collect and publish (among other things) zombies, an ever growing list of the nodes used to carry out spam runs, DoS attacks, and other mischief.
cbl, sorbs, uceprotect, wpbl, and others all publish this info in near realtime
That's where the info is. A responsible ISP has to search the lists for their hosts and then go from there.
-
Re:SORBS
Now if extortionist SORBS would die
... "donate to a SORBS-approved charity to get off the list"
Extortion is a criminal offense, which occurs when a person either obtains money or property from another through coercion or intimidation or threatens one with physical harm unless they are paid money or property.
They don't get those 50 USD and you must pay for delisting only if you are listed as a spammer. Delisting from other lists is free. Prove that they made a mistake, make sure that your server is not abused or vulnerable and they will remove you.
So you are a spammer or your address was used by a spammer and you haven't checked that address when the provider assigned it to you.
-
This is an easy one...
Check your users against DNSBLs. Originally intended to block out malicious mailservers via their IP addresses, they are applicable on webservers as well. Via sorbs you can check for open HTTP and SOCKS proxies (interesting for you), open SMTP servers (not very interesting for you), webservers with unpatched vulnerabilities, hijacked IP netblocks and malicious (in bed with spammers) network service providers. Other lists include the here recently mentioned Spamhaus list, and various DULs (dial up user lists). See the Wikipedia article for some of them.
I used DNSBLs at my former employer to block users coming through open proxies from registering domains. We saw that every phisher who bought a domain name came through an open HTTP proxy and used a stolen credit card. So using DNSBLs was the only viable option then.
-
Re:Not noticing the increase
Blacklists, my friend. Here's my current list:
rsync-mirrors.uceprotect.net : Level 2 - Fast local blocking
combined.njabl.org - For dynamic IPs and other
dnsbl.sorbs.net - For open relays
relays.ordb.org - For open relays
list.dsbl.org - Various types of Unsecured servers
dnsbl.tqmcube.com - dynamic IPs, spam trap
bl.spamcop.net - Spam trap
sbl-xbl.spamhaus.org - Known spammers, exploited servers
l2.spews.dnsbl.sorbs.net - Spam friendly ISPs
dnsbl.ahbl.org - Realtime composite
About four of those are composites, and contain blocks for dynamic IPs. Each link goes to the usage page for the blacklist, and if you want, you can just block dynamic IPs by using the correct subdomain.
-
Re:Minor nit-pick.
You can, actually. I highly recommend it. It's done wonders for cutting down the amount of spam getting through my server.
Visit http://www.us.sorbs.net/using.shtml. The RBL you'll be interested in is dul.dnsbl.sorbs.net. It contains all dynamic IPs. Enjoy!
-
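Both the "check your users against DNSBLs" comment and the dul.dnsbl.sorbs.net recommendation rely on the same DNS trick: reverse the octets of the client address, prefix them to the zone, and read the 127.0.0.x answer. The code below is an added example, not anything from SORBS or the commenters; the return-code table is an assumption modelled on the categories the comment lists (open HTTP/SOCKS proxies, open relays, vulnerable web servers, hijacked netblocks, dynamic IPs) and must be checked against the zone's own documentation before use. The resolver is injected so the example runs offline against constructed answers; it also shows the RFC 5782 sanity check that stops a dead or parked zone from rejecting every message.

```python
import ipaddress
from typing import Callable, Dict, List

# name -> A records; an empty list means NXDOMAIN (not listed)
Resolver = Callable[[str], List[str]]

# ASSUMED mapping of the last octet of a 127.0.0.x answer to a listing
# category for an aggregate SORBS-style zone. Verify against the zone's
# documentation; it is this example's assumption, not SORBS's published table.
RETURN_CODES: Dict[int, str] = {
    2: "open HTTP proxy",
    3: "open SOCKS proxy",
    4: "other open proxy",
    5: "open SMTP relay",
    6: "spam source",
    7: "vulnerable web server",
    8: "spam-friendly provider block",
    9: "hijacked netblock",
    10: "dynamic IP (DUL)",
}

# This example's policy: categories that are safe to reject at SMTP time.
# "spam source" is only tagged, because shared outbound MTAs (the Gmail
# case elsewhere in this thread) land there and rejecting them loses real mail.
REJECT_CATEGORIES = {
    "open HTTP proxy", "open SOCKS proxy", "other open proxy",
    "open SMTP relay", "dynamic IP (DUL)",
}


def dnsbl_query_name(ip: str, zone: str) -> str:
    """192.0.2.10 against dul.dnsbl.sorbs.net -> 10.2.0.192.dul.dnsbl.sorbs.net."""
    addr = ipaddress.IPv4Address(ip)  # ValueError on anything that is not an IPv4 address
    reversed_octets = ".".join(reversed(addr.exploded.split(".")))
    return f"{reversed_octets}.{zone.rstrip('.')}."


def check_ip(ip: str, zone: str, resolve: Resolver) -> List[str]:
    """Human-readable reasons the zone lists `ip`; empty when unlisted."""
    reasons = []
    for record in resolve(dnsbl_query_name(ip, zone)):
        if not record.startswith("127."):
            # Not a listing: typically a wildcard from a parked or hijacked zone.
            continue
        code = int(record.rsplit(".", 1)[1])
        reasons.append(RETURN_CODES.get(code, f"unknown code {record}"))
    return reasons


def zone_is_sane(zone: str, resolve: Resolver) -> bool:
    """RFC 5782 test points: 127.0.0.2 must be listed, 127.0.0.1 must not be."""
    listed = resolve(dnsbl_query_name("127.0.0.2", zone))
    unlisted = resolve(dnsbl_query_name("127.0.0.1", zone))
    return bool(listed) and not unlisted


def decide(ip: str, zone: str, resolve: Resolver) -> str:
    """accept / tag / reject for one connecting client under the policy above."""
    if not zone_is_sane(zone, resolve):
        return "accept"  # never let a broken zone refuse mail
    reasons = check_ip(ip, zone, resolve)
    if not reasons:
        return "accept"
    if REJECT_CATEGORIES.intersection(reasons):
        return "reject"
    return "tag"


# Constructed DNS answers standing in for a live zone (RFC 5737 addresses).
FAKE_ZONE = "dnsbl.sorbs.net"
FAKE_ANSWERS = {
    "2.0.0.127.dnsbl.sorbs.net.": ["127.0.0.2"],            # RFC 5782 test point
    "10.2.0.192.dnsbl.sorbs.net.": ["127.0.0.2", "127.0.0.10"],  # proxy + dynamic
    "5.113.0.203.dnsbl.sorbs.net.": ["127.0.0.6"],           # spam source only
}
DEAD_ZONE = "dead.example"  # parked zone whose wildcard answers every query


def fake_resolve(name: str) -> List[str]:
    if name.endswith("." + DEAD_ZONE + "."):
        return ["192.0.2.1"]  # parking IP, not a 127.0.0.x listing
    return FAKE_ANSWERS.get(name, [])


if __name__ == "__main__":
    for client in ("192.0.2.10", "203.0.113.5", "198.51.100.7"):
        print(client, decide(client, FAKE_ZONE, fake_resolve), check_ip(client, FAKE_ZONE, fake_resolve))
```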
Re:Spamhaus blacklisted Google GMail. :-(
A few months ago my grandmother's ISP started using the sorbs.net blacklist which blocks quite a few gmail servers. At least half the e-mails I sent her were returned because of the blacklist. I eventually gave up on e-mailing her through gmail because it was so unreliable.
This is an automatically generated Delivery Status Notification
Delivery to the following recipient failed permanently:
xxxxxxxx@cogeco.ca
Technical details of permanent failure:
PERM_FAILURE: SMTP Error (state 9): 554 Service unavailable; Client host [64.233.184.194] blocked using dnsbl.sorbs.net; Spam Received See: http://www.sorbs.net/lookup.shtml?64.233.184.194
This is an automatically generated Delivery Status Notification
Delivery to the following recipient failed permanently:
xxxxxxxx@cogeco.ca
Technical details of permanent failure:
PERM_FAILURE: SMTP Error (state 9): 554 Service unavailable; Client host [64.233.166.179] blocked using dnsbl.sorbs.net; Spam Received See: http://www.sorbs.net/lookup.shtml?64.233.166.179
-
nobody reads bounce messages
You can also customize them in Postfix, but the nature of the message means nobody reads them anyway.
Your custom message will appear as a single line below four or five lines of technical jargon appended by the sender's own SMTP program. There is no ability to add formatting or hyperlinks, as it's just plain text.
Including the web address for a blacklist lookup (e.g. "Your message was blocked because it came from a server that sent spam, please see http://sorbs.net/lookup?ip=w.x.y.z") has proved completely ineffective.
A human contact name and number is probably a little more likely to be noticed, but the problem still remains that the bounce messages are too hard to read.
-
Re:the times they are a changin'
Our ISP has recently had to filter mail via SORBS (http://www.sorbs.net/) to combat the amount of spam - it's been causing havoc as hotmail and yahoo users get their mail randomly rejected. I'm presuming this is a similar line of defense.
-
Re:sorbs blocks gmail
> I'd say one of the mail problems with GMail is the fact that their outbound SMTP relayers
> are off-and-on listed in the dnsbl.sorbs.net blackhole. This means mail you send out may
> get blocked by receiving servers that check this blackhole.
>
> I'm regularly getting these kinds of messages when I send out mail and that really sucks:
>
> PERM_FAILURE: SMTP Error (state 9): 554 Service unavailable; Client host [64.233.166.180]
> blocked using dnsbl.sorbs.net; Spam Received See: http://www.sorbs.net/lookup.shtml?64.233.166.180
How is that a problem with GMail? Seems to me it's a problem with sorbs.
sorbs has suggested to GMail that GMail should expose the IP address from which the message originated; that way sorbs could block by real IP instead of GMail's mailing agent's IP. GMail has responded that to expose the IP of the sender would violate the privacy of the sender. sorbs responds, basically, "well, IP address is how we work. If you only give us one IP address to work with, that's the one we list as blackholed." And so they list the GMail outbound IP addresses as blocked.
More saliently, sorbs says:
sorbs does NOT block email, websites or the Internet.
sorbs is NOT CAPABLE of blocking email, websites or the Internet.
What you need to do is contact the mail server that (after communicating with sorbs) decided to block your mail. The only way sorbs will ever change their policy of "you must violate the privacy of your users or we will block your mail" is if enough of their users complain about it.
-
Re:Old news but welcome
One of the main problems with GMail is the "on behalf of" thing when trying to masquerade under a valid alternative email address.
I'd say one of the mail problems with GMail is the fact that their outbound SMTP relayers are off-and-on listed in the dnsbl.sorbs.net blackhole. This means mail you send out may get blocked by receiving servers that check this blackhole.
I'm regularly getting these kinds of messages when I send out mail and that really sucks:
PERM_FAILURE: SMTP Error (state 9): 554 Service unavailable; Client host [64.233.166.180] blocked using dnsbl.sorbs.net; Spam Received See: http://www.sorbs.net/lookup.shtml?64.233.166.180
-
Running mail at home has its advantages...
"Running mail at home is a waste of my time. It can be done, but you get nothing but hassle out of it..."
After you set up your mail server (admittedly a bunch of upfront hassle) there is precious little maintenance to do. And I get lots of features I couldn't get otherwise:
- Mail clients are filtered through my firewall: I blackhole bogons for example, and certain abusive networks.
- RBLs of my choice: There are good RBLs and bad RBLs. I like the ORDB list, DSBL list, the Spamhaus SBL and XBL lists, the SORBS DUL list, and the Spamcop blocking list.
- Greylisting: This is effective for eliminating the remaining spam that makes it through your SMTP-time filters.
- Challenge-response: Yeah, I know... love 'em or hate 'em. TMDA has been useful to me in the past, though I'm not sure I'm going to keep it much longer.
- One-time email addresses: If you maintain your own server and domain, then you can have as many email addresses as you want. Expire them on your schedule, or perform special processing for mail received at those addresses.
- Forget about artificial mail-size limits: My ISP's email accounts cut off attachments at something like 2MB. So much for that camping video my friend wanted to send me. My personal mail server is much more forgiving.
- Flexible and secure access: My mail clients use POP3 and IMAP inside the firewall, and IMAP via SSH port-forwarding from the outside.
-
Re:Need s0ftware?
Ever head of the many great realtime blackhole lists?
http://www.spamcop.net/bl.shtml
http://dnsbl.njabl.org/
http://ordb.org/
No need to roll your own. There is even one designed to list dynamic IPs (http://www.dnsbl.nl.sorbs.net/).
-
Re:Followup
It just seems unreliable to assume that a home connection will have the terms "dsl" or "dialup" in the DNS name. But I suppose most indicators of spam are naturally unreliable. I've been meaning to change the reverse lookups for my IPs to something less lame for years now; this is a good reason to do it.
Oh, it is rather unreliable, which is why there are things like The SORBS dynamic IP RBL to consolidate that sort of information.
-
Re:Worthless for me
I use my own fucking mail server to receive mail. I'd love to send mail from it, were it not for the fact that it's on a dynamic IP and thus listed here. Many ISPs reject email if you are on just one RBL, so I started routing my outgoing email through my ISP's mail server when my email was getting bounced.
Thanks for the fucking suggestion, though.
-
Re:Home workers
I do believe I've just been called an idiot.
Well, that is if SPF can be considered "redefining email", rather than a simple extra DNS-based check (that doesn't alter SMTP). Hardly what I'd call "redefining", but then I generally don't call myself an "idiot" either.
Yes, it would be nice if ISPs would all act in the interest of the common good of everyone (rather than self-interested profit, laziness or incompetence). That certainly sounds like a "better" solution, much like communism seemed a better social system than capitalism. Sadly, depending on all ISPs to cooperate is doomed to failure, for much the same reasons communism doesn't really work.
RFC-wise, it is RFC 2476 which is intended to address this problem. If you read only the abstract, you will see it clearly explains that SMTP was intended to be used for transfer, not submission, as people are doing today. You'll likely insist using RFC2467 message submission is not a hard requirement... but there is certainly an RFC which addresses the preferred way to submit email.
I would in turn challenge you to quote any current RFC which specifically suggests a SMTP client should spoof the sender envelope. Or for that matter to actually complain about the extreme difficulty or cost of complying with RFC2467 message submission.
But what really matters, in practice, is the willingness of other SMTP servers to accept your spoofed messages. Many spam filters now take into consideration blocklists of IP ranges known to be residential IP ranges. Because you have not noticed any sign of that (yet) does not mean it doesn't exist. To prove the point, here are a couple links:
http://www.nl.sorbs.net/faq/dul.shtml
http://www.spampalforums.org/phpBB2/viewtopic.php?p=35957&
You can easily find many, many more using google. It is true that some servers are blocking or filtering messages that originate from dynamic or residential IP numbers, and evidence of this is easy to find on-line, as people who can't communicate seek help.
But you can deny it all you like. You can claim spoofing is fully RFC compliant despite RFC2467's recommendation to use message submission. You can call SPF and similar systems "redefining email". You can even call anyone who disagrees an "idiot" if you like. But eventually, enough of your spoofed messages will go undelivered that you'll have to upgrade to proper message submission or some other way that is ultimately accepted by your intended recipients.
This is the changing reality of email in the face of spammers and malware. Deny it all you like.
-
Re:To answer your question,
Unfortunately, in the real world that doesn't work.
1. Stop spamming or clean up your network (if applicable)
Ok, so it was a customer who sent the spam. He was stupid enough to send 3 emails to SORBS spam trap addresses and you are now blacklisted. It took him precisely 50ms to do this. How do you propose 'cleaning up your network' to prevent this sort of thing happening?
2. When you have fixed your problem, politely ask the blacklist to update your listing ... and then wait while they ignore your request, or demand a $50 'fine'.
3. If you really encounter dead ends, then ask sites using the blacklist to discontinue their use of the list.
This only works if you are a customer of the blacklist user ISP, and then only if a very large proportion of the other customers are also up in arms. (But how many ISPs even make public which RBLs they use?)
-
DNSBLs are a mixed bag
Some are well maintained, and even automatically maintained. spamhaus and spamcop come to mind. One of the less desirable ones that comes to mind is SORBS, where if they list you in one category you've got to donate $50 to charity, per message, to be delisted. You're an ISP providing smtp to your customers, and you're listed again? Tough.
-
Re:Why is this still an issue?
I take it you don't contribute to any large open source project then. For example, FreeBSD has several committers from Taiwan, China and other Asian countries. It has developers from all over the world. By banning netblocks you're reducing the chance of ever getting in contact with people from those countries. Why?
Just today I've tried to answer a question on the freebsd-questions mailing list and the recipient's SMTP server has rejected my message because they use a stupid non-working dnsbl system that thinks my IP is dynamic.
I find it funny that this article talks about China, 90+% of the spam I get comes from residential DSL and Cable computers from... yes, USA. It's compromised Windows boxes that do the job these days, and there are thousands of them everywhere, not just in China and Korea.
-
Re:Yawn - No OSS
I used to receive hundreds of spam everyday.
My solution? Simply configuring sendmail to use SORBS ( Spam and Open Relay Blocking System) stopped 98 percent of my spam traffic right there.
Using SpamAssassin really just blocks anything left over. I'm lucky to see a single piece of spam once a week.
-
Re:Stop the foreign spammers with money? nah.
OK, Here's a list of 3 million IP addresses that are relaying spam. I block mail from them to my inbox. So does Sourceforge. Who's going to pay all this money? Next idea?
-
Whose fault is it? The ISP.
I've "fixed" my share of coworkers'/neighbors' home PCs after they bought broadband service. I always recommend buying a hardware firewall to prevent this happening again. "Firewall? what's that?"
The ISPs are pushing broadband -- hard -- and should be responsible for either providing a HW firewall with their DSL/cable modem or at least educating their customers that they need to install one.
I felt the same way when the AOLers discovered Usenet years ago. AOL brought them here, so AOL should teach them netiquette.
Also, broadband ISPs should register their dynamic IPs at SORBS.
It's not a Windows problem, it's a PC enduser problem. The domain technical contact is ultimately responsible for his users.
-
The solution is simple
It's not hard at all to block these cable/DSL/dialup hosts from sending you mail. Here's what I use:
1) A filter that looks for hostname patterns that look like consumer internet connections (DSL/cable/dialup):
[note: these are in Exim lookup-table syntax]
\N^(dsl|cable|adsl|dialup|docsis|pool|ppp|client|client2).*$\N
\N^.*\d{1,3}-\d{1,3}-\d{1,3}-\d{1,3}.*$\N
\N^c\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\..*$\N
\N^[sShH]\d{3,}.*\.[a-z][a-z]\.shawcable.net$\N
\N^.*\d+\.charter-stl.*$\N
2) Next, you block known spam-source countries. Some may take offense to this but the company I work for only sells products to people in the US, so these filters aren't a problem. To accomplish this, I set up djb's rbldns server on one of my machines. Currently, I'm blocking netblocks from Brazil, China, Korea, Malaysia, Nigeria, Russia, Singapore, Taiwan, Thailand, and Turkey. These netblocks come courtesy of blackholes.us.
3) Anything that is not caught by those first two local options is run against the DNSBL list at SORBS. We choose to use their combined blackhole list but you could just as easily go with their anti-dialup/dsl/cable IP list.
If an e-mail makes it through all of that, it gets run through SpamAssassin and blackholed if the score is >= 7.0 and marked if the score is >= 4.0.
We're also doing a bit of tarpitting. Every time we get a connection from a blacklisted IP, we tarpit them for two minutes before spitting out a 550 error code.
Despite this, we still get some spam and dictionary attacks. The spam gets filtered by the client and the dictionary guesses are blackholed by the local delivery server, which is configured not to send bounces.
Chris
-
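The hostname patterns in step 1 are Exim regular expressions wrapped in \N...\N (Exim's "do not expand" marker); stripped of that wrapper they are valid Python regexes as well. The block below is an added example, not the commenter's configuration: it runs the five patterns over constructed reverse-DNS names (example domains; only shawcable.net and charter-stl come from the post) and reports which pattern fired, so the false-positive case that another commenter hits later in this thread (a legitimate server whose name merely starts with "pool") can be seen before the rule goes into production.

```python
import re
from typing import Dict, List

# The commenter's five Exim patterns, minus the \N...\N wrappers.
# Dict order is the order the commenter listed them in.
CONSUMER_PATTERNS = {
    "generic-prefix": re.compile(r"^(dsl|cable|adsl|dialup|docsis|pool|ppp|client|client2).*$"),
    "dashed-quad":    re.compile(r"^.*\d{1,3}-\d{1,3}-\d{1,3}-\d{1,3}.*$"),
    "c-dotted-quad":  re.compile(r"^c\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\..*$"),
    "shawcable":      re.compile(r"^[sShH]\d{3,}.*\.[a-z][a-z]\.shawcable.net$"),
    "charter-stl":    re.compile(r"^.*\d+\.charter-stl.*$"),
}


def matching_patterns(hostname: str) -> List[str]:
    """Names of every pattern that matches the reverse-DNS name (case-sensitive,
    as the [sShH] class in the shawcable rule implies the original was)."""
    return [name for name, pat in CONSUMER_PATTERNS.items() if pat.match(hostname)]


def looks_like_consumer(hostname: str) -> bool:
    return bool(matching_patterns(hostname))


def classify_all(hostnames: List[str]) -> Dict[str, List[str]]:
    """Map each name to the patterns it tripped; empty list means it passes step 1."""
    return {host: matching_patterns(host) for host in hostnames}


# Constructed sample reverse-DNS names. The last one is a legitimate MX with an
# unlucky name: the generic-prefix rule fires on it, which is exactly the kind
# of false positive a DUL-style list is meant to reduce.
SAMPLE_HOSTS = [
    "dsl-123-45-67-89.example-isp.net",
    "S0106001122334455.vc.shawcable.net",
    "c10.20.30.40.example-cable.net",
    "dhcp123.charter-stl.example",
    "mail.example.org",
    "pool-mx.example.org",
]

if __name__ == "__main__":
    for host, hits in classify_all(SAMPLE_HOSTS).items():
        print(f"{host:40} {'BLOCK' if hits else 'pass ':5} {hits}")
```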
Re:Do we need this?
I think laws can be helpful, provided they are not, well, clueless. As for CAN-SPAM, the best part is outlawing the use of deceptive headers. Now pill pushers and mortgage brokers (who are almost always located in the U.S.) can be prosecuted if they forge headers. If they don't forge headers, then ISPs can blacklist their source much more effectively.
The more common blacklists (at least the ones I use) are Spamhaus , Sorbs, and NJABL. I don't think those are going down anytime soon, with the work they have done to distribute their hosts.
I completely agree that ISPs (and any business that has computers connected to the Internet) should block egress port 25 traffic. I have rallied this point for quite some time, and it has proven to be quite unpopular:
The arguments against sum up to "let's fix the spam problem, but not if it means I can't use my consumer cable modem as if I were a business" and the equally irresponsible "but I want to run my own mail server-- how dare you try to take away my toy!" To be fair, there are legitimate reasons that a person might need to run their own mail server, but they are quite few and far between-- certainly less in number than spammers!
-
Unfortunately, I'm all too familiar...
WaterKeeper.ca, the site for the Lake Ontario Waterkeeper (part of Robert F. Kennedy's Waterkeeper Alliance) had the same problem, but with SORBS. WaterKeeper.ca is hosted on a server at a hosting company, shared by many other customers. The problem is, one or more of the other customers were allegedly sending spam messages, and SORBS blacklisted the whole box, leaving Lake Ontario Waterkeeper unable to communicate with many people who depend on their newsletters to keep up to date with environmental battles they are fighting.
Since 1996, I've been involved with running SMTP servers in some capacity, and I've always felt that the real-time blacklist services, while good intentioned, are a poor way to deal with the problem of SPAM. Too often, legitimate organizations get blacklisted because a few (and sometimes, only one) twit(s) forget that they've opted in to something and decide to report a message as spam. We're not talking about someone or some organization buying a mailing list here, either. In 100% of the circumstances that I've been involved with where someone has been blacklisted by an RBL, the messages that triggered the "spam" complaints have been totally opt-in newsletters - the people sending the messages haven't purchased their mailing lists, but instead, compiled them by having the users -specifically- request the content.
What makes things worse is that SORBS, for example, requests a "donation" to a charity in order to have you removed from their list. To me, that borders on extortion.
What makes it even worse still is that with SORBS blacklisting the whole box, all the other legitimate use e-mails being sent from that machine to SORBS-enabled mail servers are left out of luck. It's one thing to punish -one- "spammer", but with hosting companies as popular as they are, blacklisting an IP sometimes blacklists dozens (or even hundreds) of customers at a time, all sharing the same server. Suddenly, many people sharing a server have a problem, because one person was "spamming" and the RBL's are far too wide a net to cast over that single offender as they try to deal with the problem. When does the "service" they provide become a disservice because of the collateral damage it causes?
It's high time we abandon the clearly flawed RBL concept (and any other technological forms of dealing with spam) and start -really- putting pressure on our elected officials to enact sufficiently strong anti-spam legislation. Consider that many forms of copy protection and DRM have been cracked, replaced or upgraded, then cracked again... and you see that where there is a will, there is a way. Every time we succeed in blocking spam by some means, it takes little time for the spammers to find another way to get their junk into our inboxes.
Not until we make spam a significantly expensive proposition (in the form of fines - I personally would love to see chronic spammers tarred and feathered, but I digress), will the "internet marketing" companies finally be stopped from flooding my mailbox with their messages.
Clearly, there are issues of jurisdiction standing in the way of this... but in my opinion, if copyright laws can be shared and upheld through a multi-national treaty, why can't a similar anti-spam treaty exist?
Now, I should point out that the unrealistic elitist in me remembers when spam didn't really exist, because not everyone and their grandmother had decided to rape the internet so that they could make a quick buck. Spam just reminds me - hundreds of times a day - that for all things good in the world, humanity finds a way to take advantage of it, use it until it's ruined, then move on to the next thing... you know... kind of like what 2nd wave style industry (to reference Toffler) is doing with our planet. Spam is just the next form of pollution that -
Re:Take the Spam Lists with You
Great post - mod up please!
A few weeks ago, easynet.nl's RBLs were taken down, which I was using as my only means of blocking mail from dynamic ranges, as well as one of my open proxy lists. The load on our mail server went through the roof as we were flooded with hundreds of thousands of junk mails pouring in from dynamically assigned IP ranges and hijacked proxies, all of which have NO BUSINESS WHATSOEVER sending my users their garbage.
Just in case people who used it don't know, the EasyNet dynamic range list is now up and being maintained by SORBS (announcement) / How to Use -
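The post above relies on a dynamic-range DNSBL (dul.dnsbl.sorbs.net) to refuse mail from dialup/DSL pools. The following is an added example, not code from the post or from SORBS, showing how an MTA-side check actually consults such a list: reverse the sender's IPv4 octets, query that name under the zone, and treat only an A record in 127.0.0.0/8 as a listing (the convention written down in RFC 5782). The zone names other than the one the post mentions, the return code 127.0.0.10, and the `parked.example` zone are constructed for the example; the `FAKE_DNS` table stands in for real DNS so the block runs offline, and `resolve_with_system_dns` is the function you would pass instead in production.

```python
import ipaddress
import socket
from typing import Callable, List, Optional, Tuple

# Zones chained in the order the post describes; only the first is named
# there, the rest are assumed for illustration.
ZONES = ["dul.dnsbl.sorbs.net", "sbl-xbl.spamhaus.org", "bl.spamcop.net"]

LISTING_RANGE = ipaddress.IPv4Network("127.0.0.0/8")


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the DNSBL query name: octets reversed, then the zone.
    Raises ValueError on anything that is not a plain IPv4 literal, so a
    malformed connecting address can never turn into a bogus lookup."""
    addr = ipaddress.IPv4Address(ip)
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def is_listing(answer: Optional[str]) -> bool:
    """NXDOMAIN (None) means not listed. A listing is an A record inside
    127.0.0.0/8 (RFC 5782). Any other address is NOT a listing: a dead or
    parked zone that wildcards every name to a public IP must not start
    rejecting all inbound mail."""
    if answer is None:
        return False
    try:
        return ipaddress.IPv4Address(answer) in LISTING_RANGE
    except ValueError:
        return False


def check_sender(ip: str, zones: List[str],
                 resolve: Callable[[str], Optional[str]]) -> List[Tuple[str, str]]:
    """Query each zone and return (zone, return_code) for every hit.
    The per-zone meaning of the last octet is defined by each list operator;
    the caller decides which codes are worth a 5xx."""
    hits = []
    for zone in zones:
        answer = resolve(dnsbl_query_name(ip, zone))
        if is_listing(answer):
            hits.append((zone, answer))
    return hits


def resolve_with_system_dns(name: str) -> Optional[str]:
    """Production resolver: gethostbyname raises gaierror for NXDOMAIN."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


# Constructed offline stand-in for DNS (not real list data).
# 127.0.0.2 is the address every DNSBL lists by convention for testing;
# the code 127.0.0.10 under the DUL zone is an assumption for this example.
FAKE_DNS = {
    "2.0.0.127.dul.dnsbl.sorbs.net": "127.0.0.10",
    "2.0.0.127.bl.spamcop.net": "127.0.0.2",
    "10.2.0.192.bl.spamcop.net": "127.0.0.2",
}


def fake_resolve(name: str) -> Optional[str]:
    # parked.example wildcards everything to a public address (a dead list)
    if name.endswith(".parked.example"):
        return "203.0.113.5"
    return FAKE_DNS.get(name)


if __name__ == "__main__":
    for ip in ("127.0.0.2", "192.0.2.10", "198.51.100.4"):
        print(ip, check_sender(ip, ZONES + ["parked.example"], fake_resolve))
```

Two points a practitioner would want from this: the lookup name is built from the reversed octets (so a typo in the reversal silently makes every check a miss), and the 127/8 test in `is_listing` is what protects you when a list you still reference goes away, exactly the failure the post describes with easynet.nl.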
Re:Hurrah for blacklists
You're probably right, they will eventually want to charge money, and, IMHO, their solution looks overly complicated and manipulable (spammers pay for "trusted" members to list them as "trusted").
It would be better if ISPs participated in services like the ORDB, SORBS and Monkeys that have simple network testable criteria for listing open relays. Spews, Spamhaus, and DSBL have reputable lists of usernames and addresses that send spam. If ISPs and admins would participate in projects like these, the spam problem would be greatly reduced. And it seems that these projects are mostly run by admins who are interested in blocking spam, not selling a service.
By the way, MAPS is currently free for individual use (look at the bottom of the page).
-
Anti-Spam Techniques: Honeypot spam detection!
Aside from the obvious of getting the authorities to crack down on the existing illegal activities (relay hijacking, violation of TOS of ISPs, header forging, etc.) which is the only true solution, I think there are much better approaches than this "greylisting" method.
The problem with the greylist method is it still slows down mail service, and potentially more than the relay blacklist features. The objective here is that end-user/networks should not be penalized in the fight against spam. We already waste too many resources, and according to my latest mail server stats, more than 65% of our inbound mail is UCE. I'm fed up with more than half my e-mail bandwidth being crap my users didn't request so more resource allocation on a local level in the fight against spam is counterproductive!
Here's a very clever, much more practical method I found recently.
A company in Canada has set up what it calls SORBS: Spam and Open Relay Blocking System.
What's different from their blacklist is that they maintain "honeypots" strategically located around the Internet. These are servers they specifically set up as inbound mail relays, but never for legitimate purposes. If the servers get [select] mail activity, it's assumed to not be legitimate and it flags the source as a potential spammer... it makes a lot of sense. You create a domain name, but don't promote it in any legitimate manner, and/or you seed spam lists with these e-mail addresses and then let the spammers send to your key systems around the internet and *bam*, they're identified in real time, and then added to a blacklist.
I really like this idea. Like any other system, it has the potential for abuse but the beauty is the identity of the honeypot systems is kept secret, so it's very difficult for anyone other than spammers to exploit the network.
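The post above contrasts greylisting with honeypot (spamtrap) detection. The following is an added example, not code from the post or from SORBS, that puts both decisions in one MTA-side policy function so the trade-off is concrete: a greylist keyed on the (client IP, envelope sender, envelope recipient) triplet temp-fails the first attempt and accepts a retry that arrives after a delay but within a window, while a set of never-advertised trap addresses flags the connecting IP immediately and rejects everything it sends afterwards. The delay (5 minutes) and window (4 hours) are conventional greylisting values chosen here, the trap addresses and IPs are constructed, and the injectable clock exists only so the example runs deterministically offline.

```python
import time
from typing import Callable, Dict, Iterable, Set, Tuple

Triplet = Tuple[str, str, str]  # (client_ip, envelope_from, envelope_to)


class SpamPolicy:
    """Greylist plus spamtrap decision for one inbound RCPT TO."""

    def __init__(self, clock: Callable[[], float] = time.time,
                 delay: int = 300, window: int = 4 * 3600,
                 traps: Iterable[str] = ()):
        self.clock = clock
        self.delay = delay        # retry before this is spamware hammering
        self.window = window      # retry after this starts over
        self.traps: Set[str] = {t.lower() for t in traps}  # constructed trap addresses
        self.first_seen: Dict[Triplet, float] = {}
        self.whitelisted: Set[Triplet] = set()
        self.trapped_ips: Dict[str, float] = {}  # ip -> time of trap hit

    def decide(self, ip: str, sender: str, rcpt: str) -> str:
        """Return the SMTP reply to give at RCPT TO time."""
        now = self.clock()
        rcpt_key = rcpt.lower()

        # Honeypot: nobody legitimate was ever told this address exists,
        # so any delivery attempt identifies the source as a spam emitter.
        if rcpt_key in self.traps:
            self.trapped_ips[ip] = now
            return "550 5.7.1 recipient does not exist"

        # A source that has hit a trap is locally listed from then on.
        if ip in self.trapped_ips:
            return "550 5.7.1 client host locally blacklisted"

        triplet = (ip, sender.lower(), rcpt_key)
        if triplet in self.whitelisted:
            return "250 2.1.5 OK"

        seen = self.first_seen.get(triplet)
        if seen is None:
            # First contact: a real MTA queues and retries, most spamware
            # does not. This is the latency the post complains about.
            self.first_seen[triplet] = now
            return "451 4.7.1 greylisted, please try again later"

        elapsed = now - seen
        if elapsed < self.delay:
            return "451 4.7.1 retried too soon, please try again later"
        if elapsed > self.window:
            self.first_seen[triplet] = now  # stale entry, start over
            return "451 4.7.1 greylisted, please try again later"

        self.whitelisted.add(triplet)
        del self.first_seen[triplet]
        return "250 2.1.5 OK"


if __name__ == "__main__":
    policy = SpamPolicy(traps={"never-advertised@example.net"})
    print(policy.decide("203.0.113.7", "alice@example.org", "bob@example.net"))
    print(policy.decide("198.51.100.9", "x@spam.example", "never-advertised@example.net"))
    print(policy.decide("198.51.100.9", "x@spam.example", "bob@example.net"))
```

The trap check runs before the greylist on purpose: a trap hit is evidence, a greylist miss is only a delay, and you want the evidence recorded even when the sender would have been temp-failed anyway. Keeping the trap addresses out of any published page or directory is what makes the signal reliable, which is the secrecy point the post makes about the honeypot network.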