Slashdot Mirror

← Back to Stories (view on slashdot.org)

Why Blacklisting Spammers Is A Bad Idea

Posted by timothy on from the painting-with-machine-gun dept.

Roland Piquepaille writes "For the last two months, an eternity in Internet time, I was unable to reach -- and to contribute to -- Smart Mobs, the collective blogging effort around the next social revolution initiated by Howard Rheingold. Why that? Because an unknown customer of Verio decided it was a spamming site and asked the company to blacklist the site. Verio complied -- probably without even checking it -- and my problems started. It took me dozens of e-mails and phone calls and two visits to the headquarters of my french ISP, Noos, to fix the situation. More about this horror story is available here."

11 of 396 comments (clear)

  1. ORBS by olman · · Score: 5, Insightful

    And other RBLs require usually multiple reports from multiple sources. And you have fairly straightforward way of getting de-listed, too.

    What's with the current boo-hoo over blacklists? Do we have some kind of spammer astroturf going here?

    1. Re:ORBS by PurpleFloyd · · Score: 5, Insightful
      The current "boo-hoo" over blacklists can be mostly summed up by one word: SPEWS.

      They operate on the "nuclear bomb" method: list spammers, plus anyone using a "spam-friendly" mailserver (a definition that can be stretched to cover almost anyone) or anyone who is simply "suspicious." Oh, and you might also be listed if your new IP block was once used by a spammer. Don't worry, though. You can just wait a few weeks and lose massive amounts of buisiness because many customers can't recieve email from you and have no idea why - they just think you aren't responding. Or you can go onto NANAE and post a delist request, which will get you nothing but "Whiner! Eat your SPEWS, it's good for you!"

      To be sure, a large portion of the problem comes from ISPs implementing SPEWS incorrectly - silently dropping all IPs listed, not just tagging level 2 and dropping only level 1 (confirmed spammers), and the spammers have created this problem themselves. However, SPEWS' "list 'em all, let God sort 'em out" approach is irresponsible, particularly when they know that ISPs are applying the filtering with a wide brush.

      --

      That's it. I'm no longer part of Team Sanity.
  2. Why Blacklisting Spammers Is A Bad Idea by wo1verin3 · · Score: 5, Insightful

    This article should have been called...

    "Why it's important to have good policies and procedures in place when blacklisting spammers"

  3. Non sequitur by ScottSpeaks! · · Score: 5, Insightful

    The fact that a strategy (such as blacklisting) can be mismanaged and that it is not invulnerable to abuse does not necessarily make it a "Bad Idea". It just means it needs to be managed more carefully, and better secured from abuse.

  4. That's what I'd call costumer care... by rune.w · · Score: 5, Informative

    Quoting from the article:

    1. Technical support people don't have access to Internet;
    2. They are not allowed to phone to customers;
    3. And they are not allowed to send them emails.

    Maybe it is a good time to change ISP?

  5. Am I understanding this correctly? by orthogonal · · Score: 5, Insightful

    From the article: My ISP has a partnership with Verio to handle its traffic in the U.S. When Verio blacklisted Smart Mobs, any request from Noos went unanswered -- sorry, there was the (in)famous 404 error.

    I want to be sure I understand this correctly. Verio wasn't (only) discarding mail from Smart Mobs, because they thought it was spamming site, they were refusing to pass through http (or other) connections to it?

    Discarding mail is one thing, but blocking an IP address is quite another. What's the justification for this? To prevent the (supossed) spammer from profitting from the spam, by preventing anyone from connecting to it to (presumably) buy the product touted in the spam?

    Discarding mail from a spammer can be justified, by, among other things, the argument that spam mass-mailings strain system resources. But connecting to sites happens all the time -- an ISP should should be set up to handle that traffic, and can traffic to sites touted in spam really increase the volume that much?

    To me, this seems like a dubious policy on Verio's part -- even without the problem of mis-identifying sites as in the case of Smart Mobs.

    --
    Opinions on the Twiddler2 hand-held keyboard?
  6. My own slashdot horror story... by Sun+Tzu · · Score: 5, Funny

    I have an earthlink.net account and a couple of weeks ago I was issued an IP address in the dreaded slashdot BANNED! file. Pity poor me, getting the big orange screen telling me about the terms of use and how, as a BANNED! IP addy, I was unable to even read them. Fortunately, the evil orange BANNED! page quoted me a few of the offenses that might have gotten 'my' IP banned. I must have spammed the input queue or posted a PWP (page widening post) or somesuch.

    Of course, it wasn't me. It was some other Earthlink customer who, sometime in the past, was issued that same dynamic IP address and committed the unpardonable offense. That customer has moved on to a new IP, but /. never forgets.

    It was hell. I spent *hours* unable to access /. -- can you imagine the suffering that such a fate would cause *you*??!

    Eventually, I was issued a new IP address from earthlink and was back online as the ageless Sun Tzu once more. But I still live in fear that someday, perhaps when I least expect it, the evil orange BANNED! page will return to haunt me. This is the personal hell that I inhabit and it is here that I shall remain, until I get a clean static IP address of my very own. I live for that day.
    --
    Send us your Linux System Administration articles

    --
    Geeky modern art T-shirts
  7. Re:Improperly done blacklist by spicedhamhawg · · Score: 5, Insightful

    Speaking as someone who fights spam for a living, effective blocking requires a combination of techniques. You need to filter on sender (both envelope and From:), sender domain, sender IP, and content filters.

    Your statement that whoever decided to block ftp or http was not all there completely misses the point, I think. If a site is known to spamvertise, blocking *all* traffic to/from that site is actually a pretty good idea. Why? Consider why spammers send spam: to generate traffic to a web site, an email address, a phone number, some way to contact that. Since they know any email address they use to spam probably won't last as long as fart in a room full of air purifiers, the contact link is usually URL, whether by domain name or IP address. If they spam and you put in a filter for that spam, they may never get that spam through again, but they may still get some buyers from among your (stupider) customers. However, if your policy is to block all traffic to/from that IP address, they get zero traffic and zero business from your netblock and you really hit them in the wallet.

    Verio's idea is good, but someone dropped the ball on implemenation in this case by not checking the facts before blocking.

    What I'd like to know, though, is why the author of the article uses an ISP as bad as Noos. They sound so bad they make even wanadoo.fr (gee, speaking of spam!) sound good in comparison. Someone at Verio apparently made a mistake, but if so many people at Noos weren't so incompetent (did the PHB character come from their, I wonder?) the situation probably could have been resolved in a day or two.

  8. Wrong. Not perfect != "bad." by the_dreadnought · · Score: 5, Insightful

    The good it does is far outweighed by the bad. Just like everything else in life, mistakes will be made. You can have a problem with the process to correct mistakes, but advocating RDNS blacklisting should go away doesn't make sense.

  9. Better title by commodoresloat · · Score: 5, Funny

    "Why Blacklisting Spammers is a Bad Idea: It Takes Up Valuable Time that Could Be Spent Tracking Them Down and Killing Them"

  10. Re:Improperly done blacklist by bigberk · · Score: 5, Interesting
    If so, why don't you use your ISP's server as smarthost and relay through them?

    Why don't I use my ISP's mail server? Because:

    1. My ISP's mail server sometimes takes as much as 3 hours to deliver a single email
    2. Mail sometimes gets lost entirely, and without access to logs I have no clue what happened
    3. I have a host with TCP/IP abilities just like everyone else. Just because I'm not paying thousands of dollars doesn't mean I can't establish a port 25 connection to another host. I resent the drive by industry to segregate connectivity based on service class (consumer/business). TCP/IP knows no such labels.