rlsnyder asks:
"I'm the inadvertant co-administrator of e-mail a for company that relies pretty heavily on it for daily business (e.g. sending confirmations of financial transactions). At one point in the not-too-distant past, our server was an open relay. I admit I'm a sinner for letting it happen, and I'm ready to do my pennance. Given the relatively low volume of mail our server moved that did not originate from inside, I doubt I was a major contributor to the world of SPAM. In any event, we've been blacklisted on a number of sites. Some lists have reasonable policies, and we've since been removed. Other places are a little more arbitrary as to removal policies, and although I can prove we're not a relay, we're still listed." While I approve of the basic concept of SPAM Blacklists, there are dozens of SPAM blacklists out there who are real keen on adding open relays to the list, but not so keen on taking rehabilitated hosts out. I would posit that SPAM blacklists that are not properly maintained are a part of the problem, not the solution. What are your thoughts on the subject?
rlsynder continues: "Am I way off base here, or is this self-appointed mail police thing going in the wrong direction? Given that I can't reliably deliver e-mail to a number of places due to being blocked, I've got a big exposure. Is this making spam less of a problem, or are we trading one problem (SPAM) for another (the reliablility of proper maintenance of SPAM Blacklists)?
I could draw a bunch of analogies here, but isn't the bottom line that no one owns the internet e-mail system? I realize no one makes ISP's subscribe to the blacklists, but basically, I'm trying to move data from one point to another, and some machines in the middle are discriminating against my data because a corrected, perfectly legal system configuration error. How is this helping? Has SPAM really decreased universally thanks to these lists?"
Slashdot Mirror
The company I work for had the same problem. As a result, we ended up having trouble getting e-mail to some of our customers. Thankfully, it was easy to get ourselves removed, but I think if people are going to use blacklists, they should also take the responsibility of keeping them maintained, both in additions and removals.
This is a fallacy that continues to be propagated. I own my own mail server. The company I work for owns its mail servers. We can both decide who we want to allow to send mail to our users.
At work, we use two open relay lists; ORDB and ORBZ. Nobody forces us to use them; it's our server cluster, and our choice.
The reason we use those two systems, however, is due to the reasons pointed out in the article. Some blacklists are far too easy to get onto, or hosts are arbitrarily added by humans. The only way to get onto either of those lists is to be an open relay. The only way off is to be automatically retested and found to not be an open relay.
Yep, that's the root of the problem: there are a number of for-free blacklists out there which are professionally managed. Those are the ones that should be used.
And as long as we publicly point out the blacklists that are being poorly run, people will stop using them, and switch to the good ones (like RBL, RSS, DUL, ORDB). The solution is not to ban or otherwise stop using blacklists, the solution is simply to (vocally) promote the ones which stay on top of the problem.
You cannot apply a technological solution to a sociological problem. (Edwards' Law)
We use ordb and orbz here at work. Over a day or so it rejected about 500 emails.
Then we blocked all mail from mail servers who's IP numbers don't resolve. Now we have cut down on spam dramatically.. our root@ email account has gone from 200 spam emails a day to about 10
"I keep looking in the want-ads under 'revolutionary' but there don't seem to be any listings.. "
Crack house? A bit harsh considering the guy simply had an open relay which he then fixed.
You really think this is a valid analogy? Go spend a night in one, then go back to our cushy world of sysadmin stuff.
Didn't think so.
I'm betting he was asked to install a server - prolly a turnkey type - did so, and watched it chug along for a good long time before someone found out it was open and started using it.
More like finding a crackhead in your garage, eh?
Gee, ya think maybe he missed the giant neon sticker that came with the mailserver manual that said "your box is an open relay by default. fix that. tag - you're it!" Oh, right - that's because there is no such sticker.
If they maintain the lists, they should *maintain* them, not just treat them like a brick wall and simply pile up the addresses and leave it at that. My experience with orbz is that they don't pay attention to the people in the middle - I've been there.
Just takes a little bit of hard work, and this guy's apparently willing to do his part.
Lighten up and tackle the appropriate problem.
--Jake
rlsnyder asks Has SPAM really decreased universally thanks to these lists? Well, it is hard to say. Spam has increased monotonically since its inception, and it continues to grow. It is possible that blacklists have helped lower the rate of growth.
What blacklists really do is get the attention of sysadmins, and get them to take the problem seriously. I, like rlsnyder, was victimized in the same way -- our mail server was an open relay, we forwarded some spam, and got blacklisted. It took me a week or so to get it straightened out, and in the process I learned quite a bit about the UCE problem. rlsnyder similarly has been enriched by the experience, whether he agrees to that at this point or not.
One always has the option of sending mail from one of the many free mail systems. If your mail is blocked while your case is being reviewed, then send it from hotmail or someplace like that. That's what we did. In took about a week for the last of the spam reporting services to delist our site, and while it was inconvenient, it wasn't devastating. It won't be for rlsnyder, either, I trust.
The big problem is that there is nothing to stop the spammers. People who relay mail through unsuspecting companies are already criminals, they will not be dissuaded by laws. The only thing that the anti-spam community can do is to try to put a finger in all 2^32 holes in the dike, and the only way to do that is to educate people. The blacklists are that education program
thad
I love Mondays. On a Monday, anything is possible.
Nope, the usual way to do it is:
1. Filter the open relay checker's IP.
2. Click 'check me now'.
3. Spam as usual.
This is a retarded, but effective way of avoiding the automatic blacklist generators.
You'll still get on a lot of the automatic+human checkers like MAPS' open relay list.
A good point. That's why I'd buy SPEWS a beer.
The system appears to be automated -- if the blocked host stops sending spam for a long enough period of time, SPEWS appears to unblock it.
If, on the other hand, the spam continues to issue from the blocked host, SPEWS appears not to unblock it.
From what I've read in news.admin.net-abuse.email, the length of time for which a provider remains in SPEWS appears to be proportional to the length of time the provider ignored abuse complaints.
Contrast this with a privately-run blocklist (e.g. my "fsck it, block the /24".) I can't be bothered to check if the /24 has cleaned up. There are IP address ranges all the way back to the days of Cyberpromo that I haven't been bothered to unblock.
The advantage of SPEWS and its ilk is that 1000 systems can be unblocked. The problem with the blocklist on my own system is that I can rarely be bothered to unblock it.
(In crackhouse terms, SPEWS reads police blotters, and if it stops seeing crime in a certain area, allows pizza delivery. I'm the crusty old Italian guy who says "No, you can't deliver to 48th street, it's a war zone, at least, it was the last time I tried to deliver a pie there sometime in 1996!")
If so, they're right in blocking you. You're saying "oh, we're not willing to go through the trouble of cleaning up our server, to hell with anyone who gets spammed." It's exactly those sites that they're supposed to be blocked
That's insane. Once you end up on a spamrelay list, you'll be the conduit for tons of spam within hours of even minutes. 10-15 days is an eternity in that respect.
Don't like living in a crack house? Move.
What about the people living next door to the crack house? Should they not be able to get a pizza as well? How about the good houses that get anonymously accused of being crack houses?
The fact of the matter is, for every legimiate spammer on the list (even the well administrated ones), there is another placed there unfairly.
In the three weeks preceding the much awaited dumping of ORBS, we started dropping mail from 4 different valid mailing lists and 1 valid business (it was a brick and mortar business - no web presence, just an e-mail server). One of the lists was LKML (and I have no idea why it was on the list), and the other three had the misfortune of being on the same web hosting service as a spammer.
The brick and mortar was on the list because of an open relay (which was a good reason to be listed), however once it was closed, they were not allowed to be removed, though their level of e-mail is about 20 - 30 message a day, and they have never send a spam in their existance.
The problem is that we are all living in close proximity here - legit businesses are only a few digits away from spammers (just like the real world). And the knee jerk reaction that most sysadmins take in dealing with the situation is similar in nature to burning half your mail daily because the postmark is similar to a known junk mailer. And burning is a reasonable analogy, because blocked emails don't get archived or analyzed, they get tossed, lock stock and barrel.
Its so easy for a sysadmin to install a blacklist and never worry about it again (unless of course, *he* starts losing messages).
The price for having a spam free existance is to constantly monitor and evaluate the system, not to light a match and walk away.
Do you have Linux and a DotPal? Click here now!
I don't accept ORBS having decided what's permitted and what's not !
ORBS does not decide what is "permitted" nor do any of these other databases. They have a set of criteria for deciding whether and when your mail server ends up in their database. If their criteria matches mine, then I can choose to use them as part of my mail filtering.
1. These list should inform you have been added
2. They should leave you 10-15 days to fix the problem before blocking you
3. They should help you. I was *very* shocked by ORBS attitude "we block you, and we don't care if you cannot correct it"
I'm sick of the attitude that ORBS owes you something when your mail server is an open relay. If your system is an open relay, your fuck-up will cost them time and effort as they add your system to the database. Now you think that they owe it to you provide you an absurd amount of warning (10-15 days), notification that you were added, and then you want them to provide free consulting services (see item 3). If you don't know how to run a mail server, then stop trying to.
It's like being ticketed for driving your car down the wrong side of the road at 90 miles per hour and then being pissed off that the cop did not provide you with free driving lessons and give you 10-15 days to stop driving like that.
If your system is an open relay, unplug the Ethernet cable immediately and leave it unplugged until the system is fixed. If you don't know how to fix it, then pay professionals to provide your SMTP & POP services. A spammer could spew tens of thousands of messages per hour through an open relay and you owe it to everyone else on the net do whatever it takes, including pulling the plug, to make sure that your system is not an open relay.
I think that ORBS should charge a processing fee for "expedited removal" from their database and, otherwise, just remove systems once a week.
We (dds, a dutch isp) had a spam problem, and being a free email provider for such a long time did contribute to that. When we went out to solve this problem we did it in three steps:
.procmailrc and made a web interface to create procmail recipes in an "outlook" style.
/. , lurking time is over i guess :-)
- Implement RBL+ on our mailservers (got the load down a bit though)
- Created a global "spam filter" (weight system a la junkfilter) wich was opt-in for our users..
- We installed procmail, gave each user it's own
This recipe maker could then be accessed by each user on their own user pages, or they could just make receipts through their shell access
Our end users didn't really notice much about our use of RBL. And most of them don't know what rbl is annyway.
But giving them the possibility of filtering email on the serverside _themseve_ did make a difference! It gave them a feeling we are fighting spam, and that THEY are also in control !
And last but not least... Giving your users info on how to _avoid_ spam is important!. We did this by writing clear faqs on avoiding spam, and pointing each new user to these faqs
(b.t.w... this was my first post on
-- Hi! I'm a signature virus. Copy me into your sig file and help me spread