rlsnyder asks:
"I'm the inadvertant co-administrator of e-mail a for company that relies pretty heavily on it for daily business (e.g. sending confirmations of financial transactions). At one point in the not-too-distant past, our server was an open relay. I admit I'm a sinner for letting it happen, and I'm ready to do my pennance. Given the relatively low volume of mail our server moved that did not originate from inside, I doubt I was a major contributor to the world of SPAM. In any event, we've been blacklisted on a number of sites. Some lists have reasonable policies, and we've since been removed. Other places are a little more arbitrary as to removal policies, and although I can prove we're not a relay, we're still listed." While I approve of the basic concept of SPAM Blacklists, there are dozens of SPAM blacklists out there who are real keen on adding open relays to the list, but not so keen on taking rehabilitated hosts out. I would posit that SPAM blacklists that are not properly maintained are a part of the problem, not the solution. What are your thoughts on the subject?
rlsynder continues: "Am I way off base here, or is this self-appointed mail police thing going in the wrong direction? Given that I can't reliably deliver e-mail to a number of places due to being blocked, I've got a big exposure. Is this making spam less of a problem, or are we trading one problem (SPAM) for another (the reliablility of proper maintenance of SPAM Blacklists)?
I could draw a bunch of analogies here, but isn't the bottom line that no one owns the internet e-mail system? I realize no one makes ISP's subscribe to the blacklists, but basically, I'm trying to move data from one point to another, and some machines in the middle are discriminating against my data because a corrected, perfectly legal system configuration error. How is this helping? Has SPAM really decreased universally thanks to these lists?"
Slashdot Mirror
When I used to manage a mail server, I was asked to filer based on orbs. Not did this in no significant way limit the amount of spam entering the system, it became a huge administrative headache. Eventually, we stopped using the lists. I am sure there are likely better lists, but I simply prefer creating my own list, based on investigation into what's coming in.
In this day and age, there's nothing stopping blacklist coordinators from automating the rehabilitation process: Select your host and click 'Check me now!' Passing verification removes one's host from the list.
"It remains to be seen if the human brain is powerful enough to solve the problems it has created." Dr. Richard Wallace
You wanna live in a crack house? Don't go whining to the cops when you can't get a pizza delivered at midnight.
You wanna get bandwidth with a company that provides services to spammers and relocates spammers to IP addresses to avoid blocking of single IP addresses, don't come whining to /. when the rest of the world wants nothing to do with your ISP.
If someone spams me, I block the IP address. If the ISP relocates the spammer to another IP address in the same netspace, I say "fuck it", and block the /24. Or the /16, if need be.
Don't like living in a crack house? Move.
OK, you've fixed your mail relay(s)..
This is a good thing - and what every blacklist's ultimate goal is.
Speaking as a mail server admin, I'd be interested to know which lists are not removing you - so that I can make sure I'm not using them.
Seriously - letting people know about this is the best way to get what you want. If your site is not a relay, any blacklist maintainer is doing their users a disservice by listing you.
As a mail admin, I'd want to know.
Alternatively, you could do the American thing and threaten a lawsuit - most blacklist operators are immune from libel charges because they're just listing people who operate open relays (truth is defense against libel) - if you're not an open relay, then you've got a good case for libel: they're deliberately publishing false information to hurt your business.
The real question is did you only close down the open relay because of the black list? If that is the case then the black list did the job.
I agree that some BL's are not properly managed. The old ORBS system was a perfect example of this. They would add you if you were an open relay, but getting OUT of the database was pretty much impossible if the guy that ran it didn't like you or your attitude toward his "service".
One of my mail servers ended up on ORBZ as well as ORDB because I had made a mistake in the configuration, and I corrected it and was promptly removed after submitting a re-test request.
I now employ the use of RBL on my own servers, but I will only use those services which will remove "fixed" servers using an automated testing system that works properly. ORDB, ORBZ and Osirisoft's RBL's tend to be the best AFAIK. I have found that by using these systems, the level of SPAM that my users and I receive has dropped to a point where it's not entirely annoying or time-consuming to deal with it anymore.
One RBL that I stay away from using is the one operated by SpamCop (bl.spamcop.com). It's a great idea, but it ends up blocking out too much "real" e-mail as well, esp from the larger ISP's like Comcast, etc.
After lurking on news.admin.net-abuse.email for a while, I've seen a lot of mail admins post asking to have their servers un-blacklisted because they've "cleaned up their act" only to have it pointed out to them that they are still hosting spammers.
Perhaps you could tell us where you have been blacklisted and what IPs are listed so we can see for ourselves the veracity of your statement?
Correct.
/requiring/ you to use one transit provider. If you have an issue with RBL filtering, don't use that transit provider.
There are numerous ISPs out there; you are not required to use any one ISP.
If an ISP doesn't fulfil your specific needs, or has policies you disagree with, then there is nothing preventing you from using a different one.
Similarly, if you're an ISP, there's nothing
My employer's corporate office email system is an open relay, so that outlying offices (like ours) can send email, and so the company can track what we're doing.
Recently, spammers have discovered our open system and have been relaying at a furious rate (read: thousands of emails a day.) This caused *our* email to get reflected back to us most of the time, and it also got my employer's domain on several spammer blacklists. This is such a problem, that the corporate office recently switched ISPs over it.
Now, with the new ISP, the IT guys have "cracked down on security" by banning relaying...for 1/2 the day. In the mornings we can send all the email we want (and so can the spammers), but after we all get back from lunch, no more email can be sent out. My employer is baffled why we can't get off of the blacklists, even after the move to the new ISP. I just laugh and goof off for the rest of the afternoon.
I'm all for an appeals process of some sort in order to get off of spam blacklists, but some companies do deserve to stay there, as long as their habits and policies don't radically change.
not_anne
My comments here are my own; I do not speak for my employer.
a self maintaining blacklist. if you get blacklisted and then fix it, you go to a webpage that you submit that you're fixed. then the system simply uses a seperate computer that is NOT on the webpages domain and tries to relay email. if the relay happened then the blacklisted site is still blacklisted, otherwise it is automatically removed.
Maybe 100 lines in perl to accomplish this. no real effort required.
Do not look at laser with remaining good eye.
Bankrupt a few spammers, show others it is not cheap to spam. Maybe get some charged criminally.
All spammers should be tortured, then executed.
Fight Spammers!
IMHO, Blacklists are just a small band-aid on the gaping wound that is SMTP. SPAM has proliferated to the point where it needs to be dealt with in a more sane manner than just punishing the offenders.
I'm usually all for privacy, but I think we need to be using an email transport protocol that involves some form of authentication. I'm not sure if some such protocol exists already, but it doesn't seem like it would be too hard to create.
Am I way off base here, or wouldn't this cut way down on SPAM?
"Don't blame me, I voted for Kodos!"
(Someday, I envision a huge "I'm Spartacus!" cascade...)
> My customer goes to the newsgroup to ask to be let out of SPEWS. Group members flame my customer to a crisp because he is supporting spammers when he pays his bill every month.
As for nanae posters flaming your customer to a crisp, well, that's USENET ;-)
Seriously, I do have a problem with that, even though I understand why it happens. The problem is that if you've read nanae long enough, you've seen every spammer lie in the book, and you're very skeptical.
I don't know a solution for that one. It's disturbing - like the cop who busts everyone for minor traffic offenses, because he believes everyone's lying to him. He's heard "I left my wallet at home!" and "Gee, my speedometer must be off!" and "I just noticed the headlight burned out when I left work!" thousands of times over his career, and the thought no longer crosses his mind that once in a while, it'll be the truth.
The nanae problem, in this sense, is that your customer (unlike the poor schmuck who did leave his wallet at home, but who probably realizes he's still toast :-) has no idea how burned-out most nanae denizens have become, and is (IMHO justly) surprised and pissed-off at the rough reception he gets when he tries to make good.
As my initial /. post shows, I'm also part of that problem (too cynical for my own good), which is why I maintain my blocklist on my own box, and only lurk on nanae. But having seen the arguments in nanae so many times, and realizing many /.ers aren't regular nanae readers and haven't read them, I figured I'd throw my two bits in here.
What we all need to do is fake open mail relays. Just report "Yeah Mr. Spammer, those 50,000 mails were sent" while not doing a thing. The spammer will think the mail has been sent, we won't get the mails; everyone will be happy!
My friend is a smart guy, but he is running an open relay, mostly unprotected server(s) on a T1 that is just waiting to get nailed. He doesn't understand what kind of pain he could end up in and how much more difficult his life could become without precautions.
What do I do? Let him learn the hard way or is there some easy way to teach him a lesson without making him hate me for ruining his server. (and no, I'm not posting the URL here)
He likes the open relay part so that he has his own smtp server he can use from anywhere anytime - even though he has a secure server on DSL at home.
to email me: take my
That is such an illogical and poor analogy that
;-)
I hardly know where to start...
Well, obviously you did... As for an answer:
Not removing now closed relays from the list is like not releasing prisoners from jail. Something which might or might not be a good idea...
Also, I think the usefulness of DBs like ORBD lies in them staying current, as I think it might cost more losing one important mail than wading through tons of spam.
I really too should point out that I, for myself favours strict filtering of mail(servers), the reason being I'd rather miss out something not so important that most of my mails are, than d/l spam. Though I think this might not be true for others. You (fmaxell) seem to reason along the same lines as I do, but are you sure others do?
Of course, they do! otherwise it wouldn't exist services as ORBD!
Not removing now closed relays from the list is like not releasing prisoners from jail. Something which might or might not be a good idea...
That's assuming that you consider the list to be a punishment. I believe that they are information sources -- IP X was, and may still be, an open relay.
Also, I think the usefulness of DBs like ORBD lies in them staying current, as I think it might cost more losing one important mail than wading through tons of spam.
I agree. But keeping the open-relay databases current is not a responsibility the database providers have to those listed in the databases. It may affect the popularity and usefulness of their service, but that's another matter altogether.
If some person/group decides to create such a database, they have only the following two responsibilities:
1. Do not defame/slander by listing a system incorrectly. That said, they make up the rules and if they say their databases are "IP addresses that were open relays within the last six months", they have up to six months after a relay is closed to remove the record from the database.
2. Provide services paid for. If they accept payments to remove entries within, say, 24 hours (rather than the normal cycle), they have to remove those entries within 24 hours. Otherwise, they can remove them in conformance with the criteria that they set (see item 1).
Again, you are viewing this as punishment and I'm viewing it as information. Since ORDB does not block e-mail, harass ISPs listed in the database, etc., they aren't punishing. They are just providing information Now if bobco.com rejects your e-mail because your IP is listed in the ORDB, then maybe bobco.com is punishing you, but ORDB is not.
you very much can have an smtp server that does not listen on a tcp port, but it can only be used for outgoing mail. Many people use this configuration with sendmail so they can send mail directly from there workstation, but recive mail on another system. Sendmail is just invoked from the command line, so it doesnt need to listen on a tcp port.
-- free as in swatantryam - not soujanyam.
apparently the anti-spam fundamentalists don't see this as their problem. Eventually the problem will be solve because there will more ip on these lists then off. I hate spam but I am begining to believe these crusaders are just as bad.
Ever try to get help setting up a complient server? Try sifting through countless messages condeming any and everybody that doesnt fall into their radical camps.
Where are the moderates? http://www.dotcomeon.com/eff_011016.html
zenas
An open relay is not necessary in order to make email function at the outlying offices. You don't even need a VPN. The mail server can be configured with the static IP addresses of each of the offices as valid "local" addresses. Of course a VPN is much better as that also improves your security.
As confirmed by another of your postings, your company management are morons who have apparently hired idiots for the IT department. Obviously you recognize it, and can leave if you feel that is necessary, or can stay as long as you can deal with it, and are not blamed for it. Should they ever offer to promote you into IT, be sure you insist that you be given the authority to fix the problems with no further permission from management to go ahead.
now we need to go OSS in diesel cars