rlsnyder asks:
"I'm the inadvertant co-administrator of e-mail a for company that relies pretty heavily on it for daily business (e.g. sending confirmations of financial transactions). At one point in the not-too-distant past, our server was an open relay. I admit I'm a sinner for letting it happen, and I'm ready to do my pennance. Given the relatively low volume of mail our server moved that did not originate from inside, I doubt I was a major contributor to the world of SPAM. In any event, we've been blacklisted on a number of sites. Some lists have reasonable policies, and we've since been removed. Other places are a little more arbitrary as to removal policies, and although I can prove we're not a relay, we're still listed." While I approve of the basic concept of SPAM Blacklists, there are dozens of SPAM blacklists out there who are real keen on adding open relays to the list, but not so keen on taking rehabilitated hosts out. I would posit that SPAM blacklists that are not properly maintained are a part of the problem, not the solution. What are your thoughts on the subject?
rlsynder continues: "Am I way off base here, or is this self-appointed mail police thing going in the wrong direction? Given that I can't reliably deliver e-mail to a number of places due to being blocked, I've got a big exposure. Is this making spam less of a problem, or are we trading one problem (SPAM) for another (the reliablility of proper maintenance of SPAM Blacklists)?
I could draw a bunch of analogies here, but isn't the bottom line that no one owns the internet e-mail system? I realize no one makes ISP's subscribe to the blacklists, but basically, I'm trying to move data from one point to another, and some machines in the middle are discriminating against my data because a corrected, perfectly legal system configuration error. How is this helping? Has SPAM really decreased universally thanks to these lists?"
Slashdot Mirror
The company I work for had the same problem. As a result, we ended up having trouble getting e-mail to some of our customers. Thankfully, it was easy to get ourselves removed, but I think if people are going to use blacklists, they should also take the responsibility of keeping them maintained, both in additions and removals.
When I used to manage a mail server, I was asked to filer based on orbs. Not did this in no significant way limit the amount of spam entering the system, it became a huge administrative headache. Eventually, we stopped using the lists. I am sure there are likely better lists, but I simply prefer creating my own list, based on investigation into what's coming in.
This is a fallacy that continues to be propagated. I own my own mail server. The company I work for owns its mail servers. We can both decide who we want to allow to send mail to our users.
At work, we use two open relay lists; ORDB and ORBZ. Nobody forces us to use them; it's our server cluster, and our choice.
The reason we use those two systems, however, is due to the reasons pointed out in the article. Some blacklists are far too easy to get onto, or hosts are arbitrarily added by humans. The only way to get onto either of those lists is to be an open relay. The only way off is to be automatically retested and found to not be an open relay.
OK, you've fixed your mail relay(s)..
This is a good thing - and what every blacklist's ultimate goal is.
Speaking as a mail server admin, I'd be interested to know which lists are not removing you - so that I can make sure I'm not using them.
Seriously - letting people know about this is the best way to get what you want. If your site is not a relay, any blacklist maintainer is doing their users a disservice by listing you.
As a mail admin, I'd want to know.
Alternatively, you could do the American thing and threaten a lawsuit - most blacklist operators are immune from libel charges because they're just listing people who operate open relays (truth is defense against libel) - if you're not an open relay, then you've got a good case for libel: they're deliberately publishing false information to hurt your business.
Yep, that's the root of the problem: there are a number of for-free blacklists out there which are professionally managed. Those are the ones that should be used.
And as long as we publicly point out the blacklists that are being poorly run, people will stop using them, and switch to the good ones (like RBL, RSS, DUL, ORDB). The solution is not to ban or otherwise stop using blacklists, the solution is simply to (vocally) promote the ones which stay on top of the problem.
You cannot apply a technological solution to a sociological problem. (Edwards' Law)
I'd just like to give some props for SpamAssassin.
If you haven't heard of it, it's an elegant system that assigns a weight to each email message based on hundreds of different tests, and if the email scores over 5 (configurable), it is marked as spam.
One of the nice things about it that is it uses most of the email blacklists, but they're only worth ~2 points, so being in a blacklist alone isn't enough to kill a message. That's good for those blacklists that throw far too many people in that don't belong (osirusoft). It also uses razor, but that is only worth three points, so if someone is piping bugtraq to razor-report (that happened for a while) you won't lose all that email.
There's a really interesting set of tests (it's fun to read them) each with an obscure set of points including:
HTML with a non-white bgcolor (1.2)
Claims conformance to obscure spam law (1.0)
HTML mail with no text portion (3.33)
Various spam phrases (various points depending on how many "hits" there are)
Subject ends in an exclamation point (0.5)
The points have apparently been calculated using some program to give the best accuracy.
Anyway, SpamAssassin is the best of the spam removal programs I've seen. Give it a shot!
Your problem is twofold. First, while you've cleaned up your open relay, plenty of spammers and spam-friendly hosts make the same claim and lie (Rule #1: Spammers lie). So you may have to be patient.
More importantly, your server ip may now be sitting in hundreds of private blacklists of mail servers whose admins don't like to use the centralized lists, and just reject/blackhole spammers on their own. It is the presence of well-trusted centralized blacklist services that gives you even the hope of ever having decent communication, because without them, you'd get into a thousand tiny blacklists and never get out.
(P.S. Note that if you're checking your status using the rblcheck tool at http://relays.osirusoft.com, it will tell you about a lot of blacklists that are not intended to be publicly used and not part of the usual osirusoft dnsbl, as well...)
rlsnyder asks Has SPAM really decreased universally thanks to these lists? Well, it is hard to say. Spam has increased monotonically since its inception, and it continues to grow. It is possible that blacklists have helped lower the rate of growth.
What blacklists really do is get the attention of sysadmins, and get them to take the problem seriously. I, like rlsnyder, was victimized in the same way -- our mail server was an open relay, we forwarded some spam, and got blacklisted. It took me a week or so to get it straightened out, and in the process I learned quite a bit about the UCE problem. rlsnyder similarly has been enriched by the experience, whether he agrees to that at this point or not.
One always has the option of sending mail from one of the many free mail systems. If your mail is blocked while your case is being reviewed, then send it from hotmail or someplace like that. That's what we did. In took about a week for the last of the spam reporting services to delist our site, and while it was inconvenient, it wasn't devastating. It won't be for rlsnyder, either, I trust.
The big problem is that there is nothing to stop the spammers. People who relay mail through unsuspecting companies are already criminals, they will not be dissuaded by laws. The only thing that the anti-spam community can do is to try to put a finger in all 2^32 holes in the dike, and the only way to do that is to educate people. The blacklists are that education program
thad
I love Mondays. On a Monday, anything is possible.
We (dds, a dutch isp) had a spam problem, and being a free email provider for such a long time did contribute to that. When we went out to solve this problem we did it in three steps:
.procmailrc and made a web interface to create procmail recipes in an "outlook" style.
/. , lurking time is over i guess :-)
- Implement RBL+ on our mailservers (got the load down a bit though)
- Created a global "spam filter" (weight system a la junkfilter) wich was opt-in for our users..
- We installed procmail, gave each user it's own
This recipe maker could then be accessed by each user on their own user pages, or they could just make receipts through their shell access
Our end users didn't really notice much about our use of RBL. And most of them don't know what rbl is annyway.
But giving them the possibility of filtering email on the serverside _themseve_ did make a difference! It gave them a feeling we are fighting spam, and that THEY are also in control !
And last but not least... Giving your users info on how to _avoid_ spam is important!. We did this by writing clear faqs on avoiding spam, and pointing each new user to these faqs
(b.t.w... this was my first post on
-- Hi! I'm a signature virus. Copy me into your sig file and help me spread