Are SPAM Blacklists Unreasonable?

rlsnyder asks: "I'm the inadvertant co-administrator of e-mail a for company that relies pretty heavily on it for daily business (e.g. sending confirmations of financial transactions). At one point in the not-too-distant past, our server was an open relay. I admit I'm a sinner for letting it happen, and I'm ready to do my pennance. Given the relatively low volume of mail our server moved that did not originate from inside, I doubt I was a major contributor to the world of SPAM. In any event, we've been blacklisted on a number of sites. Some lists have reasonable policies, and we've since been removed. Other places are a little more arbitrary as to removal policies, and although I can prove we're not a relay, we're still listed." While I approve of the basic concept of SPAM Blacklists, there are dozens of SPAM blacklists out there who are real keen on adding open relays to the list, but not so keen on taking rehabilitated hosts out. I would posit that SPAM blacklists that are not properly maintained are a part of the problem, not the solution. What are your thoughts on the subject?

rlsynder continues: "Am I way off base here, or is this self-appointed mail police thing going in the wrong direction? Given that I can't reliably deliver e-mail to a number of places due to being blocked, I've got a big exposure. Is this making spam less of a problem, or are we trading one problem (SPAM) for another (the reliablility of proper maintenance of SPAM Blacklists)?

I could draw a bunch of analogies here, but isn't the bottom line that no one owns the internet e-mail system? I realize no one makes ISP's subscribe to the blacklists, but basically, I'm trying to move data from one point to another, and some machines in the middle are discriminating against my data because a corrected, perfectly legal system configuration error. How is this helping? Has SPAM really decreased universally thanks to these lists?"

I've been e-mailing the admins of those lists,...

[5.25"+Floppy]

... but dammit, they just don't seem to be getting my e-mail! I'm going to start having all my friends send them a few mails as well... *sigh*

Naughty in his sight

[ackthpt]

At one point in the not-too-distant past, our server was an open relay. I admit I'm a sinner for letting it happen, and I'm ready to do my pennance.

...and the number of counting shall be three...

Please list your domain.

[Henry+V+.009]

Unfortunately you are on my personal spam blacklist. I will consider removing you in return for a fee that will be calculated based on the amount of my time you wasted by allowing yourself to be used as a tool of the spam distributors. And I want you to grovel too.

P. S. And how come I never got those pics of Teen Sara27 XXX 18th birthday?

MOD THIS UP!!!!

Gee (Mr,Ms) Insightful, I never would have guessed that.

ObJoke: SPAM(tm) vs meat product

Hormel owns the trademark on the meat product

Meat product? I thought we were talking about SPAM?

*rimshot*

Thank you very much, folks. I'll be here all week. Remember to tip your waitress!

some of thee guys are nuts

[ellem]

A little while ago a site I worked at was blacklisted.

We fixed the problem that day and when we contacted the SPAM COP he wrote back to say, basically:

All Lotus Notes Mail Servers are insecure so we're leaving you on the list. Get another mail server.

I made achange in the Notes.INI file that made it look like I was using SendMail. And he fixed us.

Ridiculous policy. Notes is pretty secure anyway! I wonder what this guy read...

Re:It's democracy and freedom in action.

[10.0.0.1]

I think that guy should go ahead and add your email address to his spam list. After all, it is postmaster@127.0.0.1, isn't it? :)

Re:Mail servers are private property

[nick+this]

I think that the database approach is not the solution to the problem. The better approach may be to define a mail header that compliant webservers may attach saying that the mail was sent using open relay. This could then be blocked by destination servers using their own rules.

Hey... this is a good idea. So if I've got the concept right, then those people that set the mail server up the wrong way to begin with would just adjust the configuration of their mail server. Not to stop acting as a spam relay, but to add a header saying that any mail going through might be spam?

Uh... riiiight...

While we're at it... here's another idea from the same well:

There are still a couple bits unused in the IP header aren't there? One flags bit and one service bit or something? We could just appropriate those. We could set up encodings to mean that a particular packet was part of a data stream that was:

• Attempting to hack or probe the destination system
• Attempting to steal computing time or other resources (spam)
• A general waste of resources (d/l pr0n, mp3, slashdot, etc)

Hacking tools could be written to set those bits, mail sent from spam servers could be configured to set the appropriate bits. DDoS bots, news clients downloading from the alt.binaries.* newsgroups, browsers to the slashdot.org domain, etc, etc. Or perhaps there could be an interface on the user's side... so that when the user was doing something that was wasteful of their employer's time or bandwidth, they could just check the "I'm wasting bandwidth" checkbox, and then the network administrator could decide whether or not to pass the traffic.

I think you are on to something here...

Re:Blacklist of blacklist sites?

[Iffy+Bonzoolie]

How many sites could a blacklist site blacklist if a blacklist site could blacklist sites?

How many sites could a blacklist site blacklist site blacklist if a blacklist site blacklist site could blacklist blacklist sites?

Whee!

-If