Slashdot Mirror


Are SPAM Blacklists Unreasonable?

rlsnyder asks: "I'm the inadvertent co-administrator of e-mail for a company that relies pretty heavily on it for daily business (e.g. sending confirmations of financial transactions). At one point in the not-too-distant past, our server was an open relay. I admit I'm a sinner for letting it happen, and I'm ready to do my penance. Given the relatively low volume of mail our server moved that did not originate from inside, I doubt I was a major contributor to the world of SPAM. In any event, we've been blacklisted on a number of sites. Some lists have reasonable policies, and we've since been removed. Other places are a little more arbitrary as to removal policies, and although I can prove we're not a relay, we're still listed." While I approve of the basic concept of SPAM Blacklists, there are dozens of SPAM blacklists out there who are real keen on adding open relays to the list, but not so keen on taking rehabilitated hosts out. I would posit that SPAM blacklists that are not properly maintained are a part of the problem, not the solution. What are your thoughts on the subject?

rlsnyder continues: "Am I way off base here, or is this self-appointed mail police thing going in the wrong direction? Given that I can't reliably deliver e-mail to a number of places due to being blocked, I've got a big exposure. Is this making spam less of a problem, or are we trading one problem (SPAM) for another (the reliability of proper maintenance of SPAM Blacklists)?

I could draw a bunch of analogies here, but isn't the bottom line that no one owns the internet e-mail system? I realize no one makes ISPs subscribe to the blacklists, but basically, I'm trying to move data from one point to another, and some machines in the middle are discriminating against my data because of a corrected, perfectly legal system configuration error. How is this helping? Has SPAM really decreased universally thanks to these lists?"

18 of 619 comments

  1. ObPeeve: SPAM(tm) vs uce spam by Speare · · Score: 3, Informative

    Hormel Foods has stated they don't mind the use of the word 'spam' to refer to U.C.E., or junk mail, as long as people don't use the term spelled in all-capitals. Hormel owns the trademark on the meat product, SPAM. Given their more-reasonable-than-average position on this, let's respect their request?

    --
    [ .sig file not found ]
  2. Its more of a pain in the neck by tkrotchko · · Score: 4, Informative

    I like the idea of something like MAPS-RBL, but I think many of them are bad hacks put together by guys who take the spam thing as a holy crusade. I don't really have a problem with that, it's a free country, you do what you want.

    However I fault ISPs for using them without understanding their policies. Many ISPs use these small-time black-holes because they don't want to use MAPRBL (I assume it's a money thing at this point). And if you get listed, how do you know that you're listed? You don't until somebody calls somebody and says "I can't get mail through to you". There needs to be a better way.

    And some sites, it's not worth getting delisted. "www.joes.antispam.site.com" isn't worth the effort one way or the other.

    --
    You were mistaken. Which is odd, since memory shouldn't be a problem for you
    1. Re:Its more of a pain in the neck by crucini · · Score: 4, Informative
      Many ISPs use these small-time black-holes because they don't want to use MAPRBL (I assume it's a money thing at this point).

      I don't think it's only a money thing. MAPS is almost useless - they don't list spammers until they've tried to "educate" them. I've noticed that servers sending me spam are never on MAPS. But the fact that they're charging doesn't help.

      And if you get listed, how do you know that you're listed? You don't until somebody calls somebody and says "I can't get mail through to you". There needs to be a better way.

      You generally know that you're listed because some of your outbound mail bounces with a message explaining that you are listed and giving a URL for further info. Are you saying that you've had outbound mail bounced due to a spam list and there was no indication of the reason? I realize this is theoretically possible, but I don't understand why someone would set up a mail server that way.
  3. Stay away from certain ISPs by Anonymous Coward · · Score: 1, Informative

    Although I am not sure of a solution to the poster's problem, I must take this time to note that your company can lose business if you use certain ISPs.

    A good example is Rackspace. Yeah, you've seen those ads and think Rackspace is full of good little geeks, but many spamlists block all of Rackspace's IP blocks from sending mail. They host many repeat offenders and do very little to combat spam.

    This is just one example, though ... basically, even if you're not involved in SPAM, you never know if your IP has been used for mischief in the past, or if your ISP is a moron.

    -d

    1. Re:Stay away from certain ISPs by ONU+CS+Geek · · Score: 2, Informative
      I use Rackspace for my Managed Hosting needs, and I've never had any problems with any of my site's emails. It's a sports agency, I've had only 3 problems of sites not getting any of our mail, and in both instances, it was a problem on my end (not having my MX pointer resolved right).

      Rackspace is wonderful, and I would encourage anyone who is in need of a Managed Host to go there.

      Just my 2 Cents worth.

      --

      I disable sigs...do you?
  4. ORDB.org by paranoidia · · Score: 4, Informative

    ordb.org is a great site for this. They are very professional with both addition of servers, and subtraction of them. My mail server was an open relay for a time till I got an email from them saying that I was blacklisted. I quickly fixed the server, and submitted that my site be checked again; the next day I was taken off their lists, very easy. They run about 20 tests connecting to your server and sending e-mails for the most common way of sending spam. Also, they say in their FAQ that they reload their lists every hour to get servers off it quickly. Well done!

  5. Shout out for SpamAssassin by dietz · · Score: 5, Informative

    I'd just like to give some props for SpamAssassin.

    If you haven't heard of it, it's an elegant system that assigns a weight to each email message based on hundreds of different tests, and if the email scores over 5 (configurable), it is marked as spam.

    One of the nice things about it is that it uses most of the email blacklists, but they're only worth ~2 points, so being in a blacklist alone isn't enough to kill a message. That's good for those blacklists that throw far too many people in that don't belong (osirusoft). It also uses razor, but that is only worth three points, so if someone is piping bugtraq to razor-report (that happened for a while) you won't lose all that email.

    There's a really interesting set of tests (it's fun to read them) each with an obscure set of points including:
    HTML with a non-white bgcolor (1.2)
    Claims conformance to obscure spam law (1.0)
    HTML mail with no text portion (3.33)
    Various spam phrases (various points depending on how many "hits" there are)
    Subject ends in an exclamation point (0.5)

    The points have apparently been calculated using some program to give the best accuracy.

    Anyway, SpamAssassin is the best of the spam removal programs I've seen. Give it a shot!
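
The scoring approach described in the comment above, as an added sketch that is not SpamAssassin's own code: the rule names are hypothetical, the points and the cutoff of 5 are the ones quoted in the comment, and both messages are constructed samples.

```python
import re
from email import message_from_string

THRESHOLD = 5.0  # spam cutoff quoted in the comment (configurable)

def html_parts(msg):
    return [p for p in msg.walk() if p.get_content_type() == "text/html"]

def has_text_part(msg):
    return any(p.get_content_type() == "text/plain" for p in msg.walk())

def nonwhite_bgcolor(msg):
    for part in html_parts(msg):
        m = re.search(r'bgcolor\s*=\s*["\']?([#\w]+)', part.get_payload(), re.I)
        if m and m.group(1).lower() not in ("#ffffff", "#fff", "white"):
            return True
    return False

# (hypothetical rule name, points quoted in the comment, test)
RULES = [
    ("HTML_BGCOLOR", 1.2, lambda m, listed: nonwhite_bgcolor(m)),
    ("HTML_ONLY", 3.33, lambda m, listed: bool(html_parts(m)) and not has_text_part(m)),
    ("SUBJECT_BANG", 0.5, lambda m, listed: (m["Subject"] or "").rstrip().endswith("!")),
    ("RELAY_IN_DNSBL", 2.0, lambda m, listed: listed),
]

def score(raw, relay_listed):
    """Return (total points, is_spam, names of the rules that fired)."""
    msg = message_from_string(raw)
    fired = [(name, pts) for name, pts, test in RULES if test(msg, relay_listed)]
    total = round(sum(pts for _, pts in fired), 2)
    return total, total > THRESHOLD, [name for name, _ in fired]

# Constructed samples: a plain-text confirmation and an HTML-only advert.
CONFIRMATION = ("From: billing@example.com\nSubject: Confirmation of your transaction\n"
                "Content-Type: text/plain\n\nYour transfer completed.\n")
HTML_SPAM = ("From: offers@example.net\nSubject: Make money fast!\n"
             "Content-Type: text/html\n\n"
             '<html><body bgcolor="#FFFF00">Buy now</body></html>\n')

if __name__ == "__main__":
    # Same blacklisted relay for both: only the second message crosses the cutoff.
    print(score(CONFIRMATION, relay_listed=True))
    print(score(HTML_SPAM, relay_listed=True))
```

A receiver that rejects on any blacklist hit would drop both messages; under the weighted model the listing costs the confirmation 2 points and it is still delivered.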

  6. Protecting my server, thank you very much by alansz · · Score: 5, Informative
    DNS-based blacklists are not your problem. There are no more than a dozen that are really widely used (some orbs spinoffs like http://www.ordb.org and http://www.orbz.org, the MAPS ones if you're willing to pay (or can get a hobby contract) at http://www.mail-abuse.org, and the collection at http://relays.osirusoft.com that includes open relays, spamhaus, and SPEWS). All of these systems have clearly-published listing policies and are actively maintained and if you're blocked by one of them, you'll likely get out sooner or later once you're clean. (In some cases, you can have them automatically retest you). Plenty of mail admins find that using the information on these sites to protect their mail servers from spam is highly effective.

    Your problem is twofold. First, while you've cleaned up your open relay, plenty of spammers and spam-friendly hosts make the same claim and lie (Rule #1: Spammers lie). So you may have to be patient.

    More importantly, your server ip may now be sitting in hundreds of private blacklists of mail servers whose admins don't like to use the centralized lists, and just reject/blackhole spammers on their own. It is the presence of well-trusted centralized blacklist services that gives you even the hope of ever having decent communication, because without them, you'd get into a thousand tiny blacklists and never get out.

    (P.S. Note that if you're checking your status using the rblcheck tool at http://relays.osirusoft.com, it will tell you about a lot of blacklists that are not intended to be publicly used and not part of the usual osirusoft dnsbl, as well...)
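
How a DNS-based blacklist is queried, and how an administrator can check their own server's status across several lists, as an added example that is not code from any of the lists named above. The zone names, the documentation-range IP address and the `FAKE_ZONE` data are constructed so the check runs offline; the query format (reversed octets under the list's zone, answers in 127.0.0.0/8) is the standard DNSBL convention.

```python
import ipaddress
import socket

DNSBL_CODES = ipaddress.ip_network("127.0.0.0/8")  # valid "listed" answers

def dnsbl_name(ip, zone):
    """192.0.2.25 in zone relays.example -> 25.2.0.192.relays.example"""
    octets = str(ipaddress.IPv4Address(ip)).split(".")  # ValueError on bad input
    return ".".join(reversed(octets)) + "." + zone.strip(".")

def system_resolver(name):
    """A records for name; [] if the name does not exist; None if lookup failed."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
        return sorted({info[4][0] for info in infos})
    except socket.gaierror as exc:
        missing = (socket.EAI_NONAME, getattr(socket, "EAI_NODATA", None))
        return [] if exc.errno in missing else None

def check_listings(ip, zones, resolve=system_resolver):
    """Map each zone to 'listed:<codes>', 'not listed', 'invalid answer' or 'unknown'."""
    report = {}
    for zone in zones:
        answers = resolve(dnsbl_name(ip, zone))
        if answers is None:
            report[zone] = "unknown"          # a failed lookup is not a clean result
            continue
        codes = sorted(a for a in answers if ipaddress.ip_address(a) in DNSBL_CODES)
        if codes:
            report[zone] = "listed:" + ",".join(codes)
        elif answers:
            report[zone] = "invalid answer"   # e.g. a parked or wildcarded zone
        else:
            report[zone] = "not listed"
    return report

# Constructed zone data standing in for real DNS.
FAKE_ZONE = {
    "25.2.0.192.relays.example": ["127.0.0.2"],
    "25.2.0.192.parked.example": ["203.0.113.9"],
}

def fake_resolver(name):
    if name.endswith(".down.example"):
        return None                           # simulated timeout
    return FAKE_ZONE.get(name, [])

if __name__ == "__main__":
    zones = ["relays.example", "clean.example", "parked.example", "down.example"]
    for zone, status in check_listings("192.0.2.25", zones, fake_resolver).items():
        print(f"{zone:16} {status}")
```

Run on a schedule against the lists your correspondents actually use, a check like this surfaces a listing before the first bounce does.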

  7. Re:Mail servers are private property by Anonymous Coward · · Score: 1, Informative

    Email servers are private property, but if a transit ISP subscribes to MAPS' RBL using BGP, that block gets null routed. This causes major outages for smaller ISPs.

  8. Re: Exclamation marks by stu72 · · Score: 3, Informative

    I ran a simple procmail filter for a while, and I was astounded how much spam I could nuke by filtering based on subject line punctuation. Some of my triggers:

    more than 2 exclamation marks
    more than 2 dollar signs
    All caps

    etc etc.

    Worked pretty well, for its simplicity.

  9. Re:No. Deal with it. by harlows_monkeys · · Score: 3, Informative

    Try actually reading the question. The complaint is not about blacklists in general, but rather about poorly administered blacklists.

  10. Re:Shout out for ... spamcop.net by edstromp · · Score: 2, Informative

    I personally like SpamCop.Net. It has a dynamic black list based on ip. If people report spam from a specific ip address, it will (after a certain threshold) get added to the black list. Once the spam stops being reported, the ip address becomes open again.

  11. Give your users the control: EXIM and RBL-Warning by Sosarian · · Score: 2, Informative

    Use EXIM as your mailserver and you can have the best of all worlds.

    1) Messages are checked for RBL
    2) An X-RBL-Warning header is added to the message
    3) Users can choose to filter these messages themselves

  12. Re:ObPeeve: SPAM(tm) vs uce spam by geekoid · · Score: 2, Informative

    the poster was just asking for common courtesy towards Hormel.
    sheeesh, Hormel could have gotten all uppity about it, sent its lawyer out. We all know that cease and desist letters work. If you get a cease and desist letter, and don't, you end up in court. do you have enough money to fight this in court?

    Now if I could only get one of those flaming SPAM hats.

    --
    The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
  13. Re:No. Deal with it. by McSpew · · Score: 3, Informative

    So, I guess you've never wound up the victim of a poorly-administered blacklist, have you?

    My experience with open relays is virtually identical to that of the person who inspired this thread. My server was used as an open relay for part of a weekend.

    Near as I can tell, the first spam fired its way out of my server on Friday night around midnight. I closed off the relay on Sunday morning around 10:00 am. In that time, literally thousands of spams were sent, so I fully expected to be blacklisted and even warned my bosses and co-workers.

    What I didn't expect, however, was to still be trying to get myself off those blacklists SIX MONTHS LATER.

    I think blacklists can be a valuable tool for fighting spam, but only if they're sensible. Blacklists that permanently block without ever rechecking blocked IPs are irresponsible. They're adding to the difficulty of using the Internet, not improving it. They're also reducing their value to their subscribers because they're blocking IPs they shouldn't.

    In short, I agree with the post that called for an RFC. If there were some sort of standard for relay blacklists, it would be a damn sight easier getting off the lists once you've resolved the problem.

  14. SPEWS is the problem by BCTECH · · Score: 2, Informative

    I thank the person for this thread. First off, I am a user of DNSRBLs. I was using MAPS for a long while until they went subscription. Spam is virtually none for myself and my customers so I thank those who run legitimate RBLs.

    A client of mine (also an RBL user) has been black listed by SPEWS for months now. This is a legitimate ISP with over 4000 dialups, few hundred DSL lines, and 100 or so collocated servers. They have been in business since 1993.

    Someone built a case based on three different incidents over as many years to blacklist this ISP's entire netblock. Perhaps they should apply this same logic to UU.net.

    When trying to appeal to them to be removed they were told to post to the mail abuse news groups as this is SPEWS' vehicle for removal. Well they did this and all they got was libelled by what sounded like a bunch of kids.

    Here is the real bad thing about this. Spews blackholed a /18 when in fact this ISP only had a /19. I contacted a maintainer of one of the RBL's that utilizes SPEWS and gave him a heads up that not only is this listing in error but Spews has blocked an additional 32 class C's that belong to another ISP. I informed him of a possible liability for such a mistake. He did not want to hear it and pointed me back to the news groups.

    Seems that he was nice enough to contact the guys at spews as the /18 changed to a /19 but my client remains blacklisted to this day.

    In reality it has not been a huge problem for them as I think even the hard core anti-spam advocates have distanced themselves from spews.

  15. Re:so I have this "friend" by Phil+Hands · · Score: 2, Informative

    Suggest that he uses one of the several authentication tricks, such as POP before SMTP (where the server will only accept relay mail from IP addresses that have had a successful POP authentication in the last 5 minutes) to limit the relay.

    If he still ignores you, submit his IP to ordb.com --- at least that way I won't have to see the spam that eventually starts pouring through his server.

    --

    Debian: GNU/Linux done the Linux way
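
The POP-before-SMTP rule from the comment above, as an added sketch that is not taken from any particular mail server: the class and method names are hypothetical, the reply strings are illustrative, and the domain and addresses are constructed. Only the 5-minute window comes from the comment.

```python
class PopBeforeSmtp:
    """Relay only for client IPs with a successful POP login inside the window."""

    def __init__(self, local_domains, window=300):
        self.local_domains = {d.lower() for d in local_domains}
        self.window = window        # seconds; 5 minutes as in the comment
        self._last_pop = {}         # client IP -> time of last good POP login

    def pop_login_ok(self, client_ip, now):
        """Called by the POP server after a successful authentication."""
        self._last_pop[client_ip] = now

    def _recently_authenticated(self, client_ip, now):
        last = self._last_pop.get(client_ip)
        if last is None:
            return False
        if now - last > self.window:
            del self._last_pop[client_ip]   # expire the stale grant
            return False
        return True

    def rcpt_to(self, client_ip, recipient, now):
        """Decide one RCPT TO; an open relay would answer 250 in every case."""
        domain = recipient.rpartition("@")[2].lower()
        if domain in self.local_domains:
            return "250 OK (local delivery)"
        if self._recently_authenticated(client_ip, now):
            return "250 OK (relay for authenticated client)"
        return "550 relaying denied"

def demo():
    """Constructed session: times are seconds on an arbitrary clock."""
    policy = PopBeforeSmtp(["corp.example"])
    policy.pop_login_ok("198.51.100.7", now=1000)
    return [
        policy.rcpt_to("203.0.113.50", "staff@corp.example", now=1010),  # inbound mail
        policy.rcpt_to("198.51.100.7", "client@other.example", now=1200),  # inside window
        policy.rcpt_to("203.0.113.50", "victim@other.example", now=1200),  # stranger
        policy.rcpt_to("198.51.100.7", "client@other.example", now=1301),  # window expired
    ]

if __name__ == "__main__":
    for reply in demo():
        print(reply)
```

The grant is tied to the IP address, so every host behind the same address inherits it until the window closes.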
  16. Bad analogy. by achurch · · Score: 4, Informative

    [Running an open relay is] like being ticketed for driving your car down the wrong side of the road at 90 miles per hour and then being pissed off that the cop did not provide you with free driving lessons and give you 10-15 days to stop driving like that.

    Nice analogy, except that it doesn't work. If you're driving at 90 miles an hour on the wrong side of the road, then (1) your speedometer will tell you that you're driving at 90 miles an hour and (2) looking ahead will show you which side of the street you're on, which you can tell is the wrong side because of what you had to know to pass the test to get your driver's license.

    With mail servers, however, there isn't, at least yet, any widespread tool that will tell you if you have an open relay (and given how such tools work, they'll probably be banned as "hacker tools" at the rate things are going these days). In fact, I found out recently that I'd been placed on a blacklist for having an open relay, which took me by surprise because I'd been careful to avoid having anything like that happen; it turned out that I had missed one of the potential avenues of abuse (specifically, using error bounces to spam people).

    So until running a (secure!) mail server becomes as simple as driving a car and people need licenses to run servers, your analogy is inappropriate.