Paul Graham Describes Dangers of Spam Blacklists
CRoby writes "Paul Graham posted an essay describing the danger and corruption of the main spammer blacklists today. It discusses MAPS and the SBL, the blacklist created to try to alleviate the abuses of MAPS, and suggests (maybe) another blacklist's creation."
$idea will not help cut down on spam. In fact, it is detrimental. This has been known for $num_years years, but I feel I must prove that I am really smart by writing an article about it.
We've been blacklisted before and the sysadmins who run these things often WILL NOT remove you, no matter what. I'd take all the SPAM any day vs. not being able to send legitimate emails.
I assume that what Paul Graham is complaining about must be SpamAssassin, or some other content filter, applying a score to articles containing URLs, which when looked up in DNS resolve to listed IP addresses. This is much less acceptable, since the sender has no way to know that their e-mail may have been classified as spam.
The details of the listing can be found at http://www.spamhaus.org/sbl/sbl.lasso?query=SBL27945.
This is a /32 - i.e. a single IP address. I don't know why Paul Graham's web site (which has that IP address) has been associated with textileshop.com, which has a completely different IP address.
The other Yahoo listing on the SBL is also a /32.
I also note in another of Paul Graham's articles http://paulgraham.com/sblbad.html he claims
As any fule kno, the most notorious spam blacklist is SPEWS. ~In Soviet Russia; old, tired, worn-out joke tells you
...his website is hosted on the same IP address as a spammer (textileshop.com) was on yesterday, and because of that he's seeing some of his mail blocked.
There's certainly a need for thoughtful and hopefully positive criticism of blacklist behaviour. This article is not it.
The problem was, as vigilantes so often do, the guys at MAPS got carried away
For some reason, journalists keep calling blackmail lists "vigilantes". But there's something they don't understand: nobody forces email system administrators to use those lists.
These lists are provided by people for free. They decide to list bad email servers, but they may as well include any server they want. After all, who's to force them to provide quality of service?
The real problem, of course, is that blacklists are needed in the first place. If ISPs did their jobs a little better (aol, hotmail and the likes), the amount of spam would already decrease significantly. And don't speak to me about Chinese ISPs, since most spam comes from the US.
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
A blacklist for a blacklist for a blacklist...
Personally, I find the need to disable more and more RBL's, because today a user might come thru OK, tomorrow, they're stuck in SORBS and considered a HIGH risk.
IGB: More fun than eating oatmeal!
Oh, ok. Nothing like over reacting a bit.
www.HearMySoulSpeak.com
an essay describing the danger and corruption of the main spammer blacklists today.
:/ Vigilante is a very strong word IMO.
today? Articles linked are from 2000 and 2002!
I don't know how many times you can use the word "vigilante" in one article
I had the unfortunate "joy" of being blocked by some of these draconian blacklists. My sister requested some information from me for a trip that she has upcoming via my yahoo.com account. After it bounced from her ISP saying that I was sending it from a "spam-hosting" ISP, I sent it from my mac.com account. Same schtick. After a couple other choices, I finally got it sent from my .edu account.
Her ISP uses SpamBag for their blacklist. SpamBag? ScamBag is more like it.
No wonder my sister is disenchanted by email. Her yahoo account got spammed to no end, then she can't get emails from most of her friends since they get bounced back by her ISP's stupid blacklist.
Blacklists are fine and dandy in principle, but practice has shown them to be useless. IT managers, just drop them. They're more annoying than anything.
-Jellisky
I just finished his book Hackers and Painters last night, and I highly recommend it. It has given me a much better understanding of economics, and has made me understand the conservative economic point of view much better. Of course I am also in the process of starting a startup, which is exactly what Graham recommends as the fastest way to wealth (for the most talented 1%, but indulge me here for a bit), so I may be a bit biased. But I do think that it is worthwhile for everyone to read, both for the life/economic advice as well as his technical insight into programming languages. Of course you should give it to your boss to read after you finish with it, as it is really in large part to help non-nerds understand nerds.
So...it's okay if he goes to Federal Pound-Him-In-The-Ass penitentiary just because he rented a car from a place that also rented a car to a crack dealer?
Huh?
Sorry, but that's still bullshit. He states it clearly in his article: You can't screw over innocents just to make the guilty pay. Does your government put a neighbor family through torture just because you got a parking ticket? No. It's YOUR fault and YOU should be punished. Not some innocent bystander.
but five minutes later they should have recognized the likelihood of unintended consequences and looked for a better solution, much as our fine lawmakers always do....oh, wait....
"Do the Right Thing. It will gratify some people and astound the rest." - Mark Twain
All blacklists get corrupted over time. On the other hand, new ones won't be very effective because they don't have enough spammers on them. You have to choose what false positive level is acceptable to you.
I am trolling
I have found an interesting offer: pay 50 bucks and you are removed immediately from the spam list. Have a look here.
Interesting: The company won't say who they are. They say this was approved by local authorities, but this is bullshit. Local authorities cannot break federal law in Germany.
Blacklists have a structural flaw: there is no one to watch the watchers.
Lisa: If you're the police, who will police the police?
Homer: I 'unno, Coast Guard?
Okay, so a philosopher, a philologist, and a philatelist walk into a bar...
Blocklists are made by people for others to use if they see fit. When they become unusable, they're no longer used. Personally, I use none. The cost to me of one false positive is greater than 1000 spams that leak through. No list is that good.
"This is, strictly speaking, terrorism: harming innocent people as a way to pressure some central authority into doing what you want"
- The harm is inflicted, often intentionally, by those who CHOOSE to use a blocklist.
- Innocent is at best debatable.
"As of this writing, any filter relying on the SBL is now marking email with the url "paulgraham.com" as spam. Why? Because the guys at the SBL want to pressure Yahoo, where paulgraham.com is hosted, to delete the site of a company they believe is spamming."
I was under the distinct impression that the SBL is an IP blocklist. And I see absolutely no evidence here of motive. Merely his say so.
OK, so PG wrote some code in the past, and is generally a smart guy, and to be honest, I actually like his writing. I like it enough that I'll even read his stuff despite the fact that he uses an excessively narrow column width for his text which makes it very annoying to read. However, there are many blogs out there written by smart programmers, some with far, far, far more geek cred than PG.
Why exactly is this a Slashdot story ?
I've been considering going to a whitelist only system.. Everyone I know gets on a whitelist, and my personal website/webpage will have a CAPTCHA and a way to suggest your name onto my whitelist.
Practical for me? Yes, but I wonder how well it would apply to other users.
In the age of the internet...
It's not like it's difficult to register a domain. With cars... it's a little more expensive and there are several registrations that take place.
So to discern two cars in a particular rental agency is not the same as two domains on the same ip/subnet.
Your comparison is fundamentally flawed.
"You should always go to other people's funerals; otherwise, they won't come to yours." -- Yogi Berra
His other stuff on spam also missed the mark.
Not in the slightest. You're basically saying "It's too hard otherwise". I'm basically saying "That's too goddam bad". You can't fuck over those who are innocent just to punish those who are guilty. If that means you can't win, then fine, you can't win. Deal with it.
Or, of course, you can keep doing it, but you're still a prick. (General you, not specific you - I don't know you, so I wouldn't dare make that claim right off the bat :] )
I work for an organization with ties to many different ISPs and I've heard many horror stories about large blocks of addresses getting blacklisted for the actions of a few, and when the ISP has either already gotten rid of the offending customer or tried to get incorrectly blacklisted blocks off the lists, they've been told "Pay me $xxxx and I'll remove you."
I guess some blacklist managers have not taken to heart the adage "With great power comes great responsibility." I'm also sure many users of the data these blacklists provide are not even aware of the practices of these folks.
Because white is the color of sunlight, generally regarded as pure, and black is the color many wounds turn when rotting and bad... I'm failing to see the problem?
Methinks you're finding ghosts because you feel like being oppressed.
Besides, isn't it african american, not black?
My blog. Good stuff (when I remember to update it). Read it.
We deal with this all the time. Leaving any IP on a blacklist for any period of time doesn't help. Most spammers nowadays spam and run. They unload from a hacked account through a broken formmail script or a zombie computer. After 36 hours they have dumped their million emails and moved on to another IP. Blacklists generally don't get this though. They just make a bigger and bigger list. The problem with this approach is that they already missed the spammer. One time we dealt with someone who was running a blacklist and when we asked why an IP was on the list they said because it spammed years ago. When we said we have controlled the IP for the past three years they said it doesn't matter. It's like give me a break...
The solution to blacklists is to use an AOL model in which dynamic IP blocking is used. When spam is noted from an IP that IP is automatically blocked for 24-36 hours after the last spam comes in. That way the innocents are not being blocked and the spammer's email doesn't make it through. There are a couple blacklists which do this but more should.
Compare this to the opposite blacklists like BLARS which requires a thousand dollars for "him" to investigate whether an IP should be removed. I have never seen an IP which is not listed with BLARS.
Quality Hosting e3 Servers
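The 24-36 hour dynamic block described in the comment above, contrasted with a list that never expires, as an added example (not part of the original thread). The class name, the 36-hour hold, the sample address and the timeline are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta


class ExpiringBlocklist:
    """Block an IP only for `hold` after the *last* spam seen from it."""

    def __init__(self, hold=timedelta(hours=36)):
        self.hold = hold
        self.last_spam = {}  # ip -> datetime of most recent spam

    def report_spam(self, ip, when):
        # Every new report pushes the expiry forward from the latest sighting.
        prev = self.last_spam.get(ip)
        if prev is None or when > prev:
            self.last_spam[ip] = when

    def is_blocked(self, ip, now):
        last = self.last_spam.get(ip)
        if last is None:
            return False
        if now - last >= self.hold:
            # Quiet for the whole hold period: drop the entry so a later
            # owner of the address is not punished for old traffic.
            del self.last_spam[ip]
            return False
        return True


# Constructed sample data (RFC 5737 documentation address).
SAMPLE_IP = "203.0.113.5"
T0 = datetime(2005, 1, 1, 0, 0)


def compare(check_hours=(40, 46, 26280)):
    """Replay one spam run against an expiring list and a never-expiring one.

    Spam is seen at T0 and T0+10h. Returns (hours_after_T0,
    expiring_blocks, static_blocks) for each check time; 26280 hours is
    three years later, the "it spammed years ago" case from the comment.
    """
    expiring = ExpiringBlocklist()
    static = set()  # a list that only ever grows
    for offset in (0, 10):
        expiring.report_spam(SAMPLE_IP, T0 + timedelta(hours=offset))
        static.add(SAMPLE_IP)
    rows = []
    for h in check_hours:
        now = T0 + timedelta(hours=h)
        rows.append((h, expiring.is_blocked(SAMPLE_IP, now), SAMPLE_IP in static))
    return rows


if __name__ == "__main__":
    for hours, exp, stat in compare():
        print(f"T0+{hours}h  expiring={exp}  static={stat}")
```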
Is it possible that it's his outgoing cable-modem IP address that is the problem?
Is it, as the parent suggests, spam-assassin filtering?
I'm more than happy to get on the wagon of unresponsive RBLs. The only way they can actually get the response they want is if cleaning up your act results in de-listing.
However, Mr. Graham makes some big claims with nothing to back it up--and attempting to investigate on your own shows that his claims don't seem to check out.
Spam is a crime (legally and ethically IMHO). Therefore spam blacklists could be considered vigilante operations.
I've seen small ISPs and web hosting companies with some of the most dedicated, proactive, and talented security officers fail to stop all if not a good chunk of outgoing spam from their networks. So saying "Oh ISP just need to do their jobs a little better!". Spam is big business on both sides of the fence.
Lots of spam blacklists get drunk on their own power and DO make some bad calls. SPEWS in my opinion has been one of the worst to deal with. I can't say I trust any organization who is accountable to no one but themselves.
Besides, isn't it african american, not black?
Who said anything about American?
On a practical level, "block list" and "accept list" are just much better descriptions of what such lists actually do.
My next sig will be ready soon, but subscribers can beat the rush
Graham writes: For example, in order to get revenge on people they believed were spamming, MAPS would blacklist the mail server of the company hosting their site.
Wrong. "Revenge" is completely off the menu. Paul's being a crybaby and refusing to look at anyone else's point of view.
The truth is, MAPS blacklists the mail server of the company hosting the spammer because MAPS subscribers are willing to give up their ability to receive mail from some innocent bystanders if that will break spamhosters' profit model. That is the choice of those who use the blacklist.
Graham also writes: This is, strictly speaking, terrorism: harming innocent people as a way to pressure some central authority into doing what you want.
Now Paul's really gone over the top. Allowing MAPS subscribers to block email is "harming innocent people"? Get a sense of proportion, man! Terrorism has a definition, although some dispute the details and this isn't it. Where's the terror? Are you living in fear that your email might be blocked, because you use a spamhoster? I don't think it's MAPS fault if you are terrorised; I hope you are not, but if you think you are, you need to see a psychiatrist quick.
Once you get past the hyperbole in the first few paragraphs, Graham makes at least one valid point (his site has been wrongly blacklisted) and asks at least one pertinent question (who watches the watchers? answer: subscribers). But this article is mostly just a hysterical anti-blacklisting rant.
People switched from MAPS because the other lists were free, not because MAPS was too aggressive.
"As of this writing, any filter relying on the SBL is now marking email with the url "paulgraham.com" as spam."
Whisky Tango Foxtrot? *BLs block IP address ranges, not URLs.
"Because the guys at the SBL want to pressure Yahoo, where paulgraham.com is hosted, to delete the site of a company they believe is spamming."
1. Given that Paul's mixing up URLs and addresses of mail servers, I'm not prepared to take at face value the statement that SBL is blocking Yahoo's mail servers to pressure Yahoo to drop a "site", rather than (say) mail services Yahoo is providing the spammer.
2. If Yahoo is providing services to a spammer and Yahoo refuses to deny those services to a spammer, then Yahoo is being "spam friendly", no matter what their reputation is, and they may well be depending on the many legitimate lists they're hosting to avoid responsibility for their actions. That's exactly the situation that John Reid is referring to in Paul's quote.
I don't know what alleged spammer this is referring to, but what Paul's written is clearly not anywhere near the whole story.
I knew it when I started reading that posting. He must have got listed somehow by one of them.
Well talk to your provider and get them to get rid of the spammer. If they won't correct the problem then leave. That's the whole point of an RBL anyway.
Customers get blocked and complain to their provider. The provider fears loss of further business and removes the offender. Of course this is only a theory cause it's rare someone does confront the provider.
The DUL is another very annoying list. Earthlink reports all of its cable modem customers to DUL because we are forced to use "dynamic" addresses with DHCP. My address is so dynamic it has changed once since I became a customer, and that change occurred three years ago. For DSL customers, Earthlink offers a special service: a static IP address for only $15/month extra. Cable subscribers don't get that option. I really have to wonder how that static address could possibly cost them any more to maintain than my current dynamic address. In my case, the only difference it would make is whether I am on the DUL or not. (I use dyndns.org to have a dynamic domain point to me and now have a regular paid-for domain pointing directly to my IP address which I will manually update should my address ever change again.)
Edward Burr
Having a smoking section in a restaurant is like having a peeing section in a swimming pool.
Would that be an editor that is modbombing this thread? I'd be flattered by the attention, if I had the slightest respect for them (-1 Flamebait)
My next sig will be ready soon, but subscribers can beat the rush
For some reason, journalists keep calling blackmail lists "vigilantes". But there's something they don't understand: nobody forces email system administrators to use those lists.
To be honest, I like his other analogy for blacklist maintainers -- terrorists. It's much truer to the point. Vigilante in my mind at least implies an attempt to go after the bad guys and protect the innocents thanks to the pop culture influence of TV, movies, and superhero comics.
This doesn't describe blacklist maintainers.
Blacklist maintainers are cynical, bitter, little men who care nothing for the people they hurt so long as they get a spammer. They deliberately target innocents in the hopes that the innocents will complain to the higher power to get rid of the things that bothers them. This leaves little to distinguish them from terrorists other than the fact that they don't kill people. Their deeds are less dark, but their tactics are the same as the Madrid bombers who hurt innocent people to push them to choose a government more favorable to their wishes.
Sure, nobody forces email admins to use those lists. Nobody forces people in the Middle East to contribute money to Hamas either. I don't care if you think you're funding hospitals and charity for Palestinians or if you think you're fighting to keep spam off the web -- you're paying to see people get hurt too. Stop it.
If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
The major backbone providers are all spam-friendly. If you use the internet, someone, somewhere who supports spammers is getting your money.
I really get sick of this sort of whining.
Yes, innocent users get hurt when their ISP chooses to host spammers. There's no way around that, unfortunately, except for users to become more choosy about their ISPs.
But when an ISP gets blacklisted for hosting spammers, this is not abuse or corruption - this is exactly what a blacklist has to do to be effective, and exactly what those of us that use blacklists expect and desire for them to do.
You can play whack-a-mole with spammers day in and day out for years, and have zero or very near zero effect on them. I know, I've done it. By the time you report a spamming IP, the run is done. The spammer isn't going to come back there, he's going to come back from a different IP for his next run. If you want to have any significant effect at deterring spam, you have to do more than whack-a-mole, you have to get them where it hurts. They can send out a million emails from one IP, then never use that IP again. But they have to have someplace more stable to take the money from the handful of morons that go ahead and click on their links.
If an ISP allows spammers to host on their network, they should be blacklisted. I don't want to carry their traffic. And if that means I'm turning down traffic from their other, non-spamming customers, that's a shame, but so be it. Maybe if their customers complain they'll get rid of the spammers. If not, I suggest their customers vote with their wallets, and find a new ISP. That is, if their purpose in having an ISP is communication with those of us that don't want spam. If they're happy being able to connect only to the fraction of the internet that welcomes spam, that's fine too. But it's up to them to make a choice.
All the blacklists do is allow those of us that DO NOT WANT traffic from spam-friendly networks to implement these blocks. Trying to spin an informational service as 'vigilantism' and 'abuse' and 'corruption' because it doesn't work the way the spammers and spam-friendly hosts want it to is abuse of the language, and insulting to the reader's intelligence, IMOP.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Friends don't let friends enable ecmascript.
>>I've always been a little uncomfortable with the underlying assumptions white=good, black=bad. I prefer to describe such lists as "blocklists" and "accept lists"
>>Yeah, yeah, very PC of me; go ahead, shoot me down. Sometimes, these things *do* matter, and individuals have to stand up and say so.
I think California has a law against this very thing. In fact, the words MASTER/SLAVE on an IDE drive or anywhere else is illegal in California government hardware.
Now "that's hot." (TM)
I use blacklists all the time. Rather than simply rejecting the mail, if the server is on a blacklist, the initial OK is delayed by five seconds.
If you're sending a ton of mail, i.e., spam, little of it gets through. If you're only sending one or two messages, ie, likely legit mail, it goes through just fine.
Combined with more specific stuff further back (bayes, et al.), it's been quite effective at reducing the amount of spam sent, and the amount of mail that gets scanned.
The problem isn't blacklists, it's how people use them.
What they do is allow others to block email between two different people, simply because they run the mail servers that sit between them. If it was only individual users who were using these blocklists, it would be a different issue. But it's not.
autopr0n is like, down and stuff.
Blacklisting is clearly just opening more opportunities for cyber-crime: spammers threatening to get companies blacklisted by major ISPs unless they pay up. Sending a few emails from fake addresses to the right places is a lot easier than organising DoS attacks from BotNets.
Loss of email hurts more too.
The best would be to make a new RBL that added headers to each email when a site is known to be using an RBL.
SPF is the way of the future, blacklists have no place and should be actively discouraged. Until SPF is in full deployment, or even after, TMDA works great too, and is the wave of today. RBL's are old, outdated, too high on themselves, etc.... Time to move on to the next solution.
Yes. Stop calling them blacklists. They're African American lists. :-)
Interestingly enough, the owner of the acme.com domain who was recently featured in a story due to his getting more than a million spam mails (well, attempts to send spam) a day, agrees:
(from http://www.acme.com/mail_filtering/shame_frameset.html)
quidquid latine dictum sit altum videtur.
It's not so easy for people to "get a new ISP" on both sides of the blacklist. Blackhole proponents act like they're totally optional when they're not. If your ISP decides to use a blackhole, there's really nothing you can do. You miss important email that you would have chosen to receive if you could have. But you can't, because some BOFH with a stick up his ass decided that fighting spam was more important than people talking to each other.
As long as the individual user makes the choice on the client side, it's great. When it gets to be the admin making choices for the users, it's not.
autopr0n is like, down and stuff.
If you hang out with crack dealers, you run a much higher risk of getting arrested or shot. Collateral damage is a fact of life.
Mea navis aericumbens anguillis abundat
From the article:
This is, strictly speaking, terrorism: harming innocent people as a way to pressure some central authority into doing what you want.
Can we please stop throwing the word terrorism into every sentence? Please? No? Damn.
But I, and my company have no qualms with blocklists. Yes I also block Korea, and China
Any **sane** email admin person will know that some isps just love the money - I do not yet love spam.
Blocklists work for the clueful. When your isp responds to spam complaints then I will accept your email - if everybody else gets the idea to locally block (even worse than a bl), or use a blocklist then that is not our fault. We block, the bl only provides a list, which i could (should i want to want to white list)
We are based in europe. American law (can-spam) does not apply so do not think that list you bought is to american citizens only. So don't believe your list (spammer) provider. If i really do have a desire for Viagra - I'm really sure that i can get it, and no you do not have to spam me.
So that email address list that you bought this year but was harvested from 1997 does not exist is that my problem no. it's yours. If your isp is too greedy and feel that it is ok to ignore my spam reports why is that not an issue to us?.
When your isp considers the report then I might change but until say chinanet do not give a stuff except for the money do yourselves a favour Change isps end of matter.
If your IP address is dynamic, you have no business talking to other networks' port 25. Set define(`SMART_HOST', `smtp.earthlink.net') and shut up.
His time would be far better spent asking Yahoo why they're so steadfastly blackhat about the spam that comes off their network. Graham here is functioning as an apologist for spam, and the fact that he chooses to use a blackhat provider. Shame on him.
As for SBL, he's mistaken. It has long had a policy that allows the listing of corporate mailservers of spammers. If he wants to know their policy, he should talk to Steve Linford the Spamhaus founder, not John Reid.
Oh! Oh! He used the "T" word! They must be stopped at all costs.
What I've never understood is how a human-run operation that blacklists based on human decisions, and which by blacklisting an organisation can interfere with both their business and their reputation, isn't breaking about half a dozen laws that would subject them to more-or-less open-ended damage suits. Can any lawyer reading this please explain why this doesn't count under things like defamation legislation?
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
blocking spammers via a central database just doesn't work. The spammers are constantly moving from zombie client to zombie client in huge waves of hundreds of thousands of infected systems, making the RBL always filled with obsolete and incorrect information. The problem - as everyone knows - is that the protocol is fundamentally broken. It's a tragedy of the commons played out in front of our eyes.
By allowing the abuse its outcome becomes a certainty. We're going to have to bite the bullet and dump open SMTP. And I think we're going to have to do this quickly. The levels of SPAM continue to rise. I often see ten to twenty times as many spam connections on my mail servers than legitimate connections, and this is a constant, flowing, amount of SPAM 24/7. Even with RBLs, spamassassin, etc, SPAM still gets through. The solution will not be found with another bandaid. It's time to dump SMTP and move to something that demands cryptographic authentication for users and hosts before allowing the transport session to complete. --M
RBLs don't have anything to do with "adding headers to email".
SPF is irrelevant to spam. More than half of the SPF records in use belong to spammers.
Dealing with zombies on dynamic IP blocks by using RBL's is like shooting gnats with an elephant gun. There are better tools for the job that will do a lot less damage if they misfire. You seem to recognize this, so I'll ask--why do you have/use RBL's at all?
For instance, reject mail from any sender that's not reverse DNS'able. Quick. Easy. Will get all the dynamic IP's without hitting anyone who's hosting a legit mail server (unless they're running a legit mail server without a PTR record, but frankly most people would view that as a bad configuration anyways).
If you need more than this, look into greylisting. If you're more progressive, look into SPF records.
Can someone please describe a situation where either using an outside or "in house" RBL is preferable to just using some common sense in your MTA configuration?
Why is that?
Here is the link, that responsible editors would've offered in a story like this...
In Soviet Washington the swamp drains you.
I reserve the right to block (or accept) any mail I choose on my own system. I also make that decision on behalf of my users, weighing the pros and cons, and especially the listing policies, of any RBLs. If I get it wrong, then yes, my users won't be happy. I'm all for doing what makes my users happy. Blocklists do make my users happy. They work. The fact that there's squealing about the effect shows that they work. I reject utterly the contention that I should somehow be forced to accept anything I don't want to receive.
My next sig will be ready soon, but subscribers can beat the rush
But this guy doesn't have a leg to stand on. After only the first few lines of the article I knew he'd been a target of a blacklisting.
As an admin of a small mailserver hosting a handful of private domains I'm a very happy user of various DNS blacklists. I use some blacklists to reject ALL e-mail from countries like Korea & China due to the constant flood of spam from those countries. I also use other blacklists in conjunction with SpamAssassin to more accurately deal with spam. If you don't like the way I manage my mailserver then tough! I probably don't want e-mail from you anyway. If you have a LEGITIMATE problem with being blacklisted then e-mail me another way (like from gmail, hotmail, etc) and I'll consider whitelisting you. I've also got a few specific mailservers whitelisted exactly because I was asked (nicely!) to do so.
Bottom line - my server, my rules.
Totally unusable
No, 50 bucks is the fee for an IP, not for an ISP.
Which lists?
Was this the first time you were listed or were you listed 3 or more times?
That isn't the way it works.
Am I willing to accept all that spam just so you can send email to me?
The answer is
If YOU want to send email without being on the spam lists, there are LOTS of options open to you. Sure, some of them are more expensive than others
This all comes down to money and time. I use blacklists and I like them because they save me time and money.
The spammers are constantly moving from zombie client to zombie client in huge waves of hundreds of thousands of infected systems, making the RBL always filled with obsolete and incorrect information.
That doesn't actually matter, because there's virtually no overlap between legitimate mail sources and zombies. Infected desktop or laptop PCs are not also SMTP mail servers: if by chance someone is using a desktop PC as their outgoing SMTP server, AND they're using that same desktop PC for other purposes, AND they are unable to keep it from being infected, then they should be on a blacklist.
look, if i wanted to read every one of this know it all's essays, i would read them on his website.
bloody hell, is there NO NEW THINKING in the world? dammit.
The SpamHaus RBL / SBL / XBL has been quite reliable for us. However, it is PART of a total solution. Thunderbird spam control and Spamassassin certainly help.
The greatest ROI was educating users on proper use of email addresses. Keep one address for work only, one address for personal and one for a throw away. The throw away is for registering, posting or whatever may end up in someone else's hand. It is not foolproof, but it helps. Since our users have held to this system, our spam problems have all but been eliminated.
One ring to bind them - should probably have more fiber and less rings in their diet.
I agree that the block you listed is a single IP:
66.163.161.45/32
Now do a DNS lookup on paulgraham.com: 66.163.161.45
The problem is that Yahoo can host multiple sites on the same IP and the blacklists can't differentiate. The problem is the lack of granularity not, as Mr. Graham writes, an abuse of power by the SBL people.
Earthlink reports all of its cable modem customers to DUL because we are forced to use "dynamic" addresses with DHCP.
So don't use your cable modem as your outgoing mail server. If your outgoing traffic volume is small, you can get a virtual colo with a low traffic cap for much less than the $15/month your DSL peers are paying and make that your smarthost.
What a great piece of shitty journalism. An anonymous e-mail from a potential spammer is all it takes to let this reporter conclude that SBL got corrupted.
If not, I suggest their customers vote with their wallets, and find a new ISP.
In the ideal world that free market idealists live in, that would work well. Unfortunately reality is a much harsher place. In most areas, internet access is provided by one or two near-monopolies. Don't like those companies' spam policies? Tough. No internet for you.
Even if there were a true alternative, most broadband providers and hosting companies require long term contracts. If you terminate your account at the first sign they're hosting spammers on your subnet, they still get paid in full. The balance of power in modern corporation-consumer relationships is so tilted in favor of the corporations that expecting angry customers to have any influence at all on business decisions is totally unreasonable.
0 1 - just my two bits
Posting AC so this does not taint my real-world karma:
... to stay off of them.
I once worked for a hosting company that hosted spam servers "on the side". As an admin it was a constant battle with the blacklists
Management never understood this (or rather, they understood it very well, the spammers paid $20X the hosting of regular servers...), indeed, they started a second company just to host the bad servers.
I was ordered to lie constantly, and to shift IP's around etc, to make it harder for the black lists to get us. IMO, I think that the blacklists should have taken out the WHOLE hosting company.
While 99% of my customers were legit, and I worked hard to keep spammers off of our "normal" list, I knew that we were hosting spammers on purpose. In fact, part of the reason I was let go was that I complained that doing this was immoral, and that it risked our hosting business as a whole.
So, if they blocked your whole hosting company, I would suspect that the hosting company was playing games like this.
(As an aside, when I was let go from that job I was ecstatic. Indeed my co-workers wished that they could be "let go" too. In the end, the turnover at that company was about 120% a year...)
This is, strictly speaking, terrorism: harming innocent people as a way to pressure some central authority into doing what you want.
No. No... No, there's just something not right about that. I'm pretty sure that the definition of terrorism includes the idea of terror somewhere...
Ahhh. That's more like it: Terrorism: the unlawful use or threatened use of force or violence by a person or an organized group against people or property with the intention of intimidating or coercing societies or governments, often for ideological or political reasons.
Yeah, violence should induce terror. Not being able to send emails to my girlfriend, as hair-raising an idea as that might be, just doesn't seem to be in the same league.
And just in case Mr. Graham is too lazy to find a dictionary to look up hyperbole for himself: hyperbole - n : extravagant exaggeration
www.eissq.com/BandP.html Ball and Plate System. Amuse your friends. Crush your enemies.
A) ISPs can't control a spammer who spams for 2 days and then leaves.
B) ISP uses dynamic IPs, and if that IP was used as a spammer haven for two days then re-allocated to another customer after the spammer leaves, it'll cause problems.
Well, if poster works for Network Solutions, it's because NetSol doesn't care if its services are bad, they charged enough money during the .com bubble to coast on reputation for a few more years.
If poster works for GoDaddy, it's because the owner is spending too much time on his own vanity, trying to start a cult of personality with his commercials and radio show rather than pay attention to the horrible technical limitations he has imposed on his customers.
If poster works for Register.com, they don't have enough customers to care.
Regardless, poster did say low-level management. You think anyone cares what technicians and technical management think? Big companies don't choose solutions based on sound technical advice; they buy the solutions that savvy salesmen present to them.
Also, for what it's worth, I've found the SBL incredibly reliable (except recently, when I've found it's been increasingly unreachable at peak times), but I check it as one of many spamassassin rules -- I don't mark e-mail as spam just because it's in the SBL, though the way I have spamassassin score things, it doesn't take much more...
How is renting a car, hanging out with crack dealers????
"...and suggests (maybe) another blacklist's creation."
Great... another blacklist. Hey, let's just keep putting bandaids on top of bandaids on that cut. Eventually the bleeding will stop, won't it?
It's true that the problem is with ISPs and not with those who create and maintain blacklists. This spam solution however, is contributing to the general unreliability of email. Consequently, I for one, refuse to utilize an ISP unless I can turn OFF the spam filtering for my email accounts. That is how I SELECT an ISP. Otherwise email is just too darn unreliable due to false positive blocking. I maintain my own filtering, so I can address problems with it immediately, and I don't lose emails as I keep a complete log and cache filtered mails for a limited time.
While not everyone is prepared to take filtering into their own hands, DIY spam filtering may take another turn with the advent of better filtering add-ons to your own email clients. It's more efficient to filter further upstream, but unless ISPs start more generally making upstream custom filtering available to their users the reliability of email will continue to get worse as the spam arms race forces ISPs to institute more and more draconian filtering rules. But they've chosen to take on the problem, and if they're not very good at it users will look for better alternatives.
IMHO, the problem of SPAM pales to the problem of the unreliability of email produced by errors in filtering. It's true though, I'm not an ISP-- but an ISP who uses filtering to solve its internal problems at the expense of its users is out of touch with its user base and that presents an opportunity for its competition.
Like DRM, SPAM filtering as applied by ISPs is not a solution to an end-user problem but a solution to a provider problem. End users are not particularly sympathetic to solutions to problems they don't have that actually cause problems. The customer is always right (many seem to forget that these days), and there's plenty of places to which the customer can walk if they're dissatisfied.
Maybe you only have three choices of broadband ISP at home, or live somewhere sufficiently rural that there are only three choices of dial ISP - that's entirely irrelevant to how many choices you have on where you get your email, send your email, or host your web servers. Sure, it's convenient to be able to run all those things from your home Linux box, but if you want to do that, you'll probably find that your cable modem company and some of the DSL ISPs that your phone company supports might not permit that. There are hundreds or thousands of companies that run POP/IMAP mailbox services, and probably more that will host web sites, and that's not even getting into options like virtual hosting.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Just block the sub net 0.0.0.0
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
Woah there, you mean lives are at risk if legit networks get blacklisted? That's up there with copyright infringement being equated to murder and pillaging on the high seas!
Maybe you or the mod's who mod'ed you up can quote that bit?
I didn't think so.
This isn't about going to jail. This is about some people not hearing what he's saying.
No one's being raped or jailed or tortured. Some of his EMAIL is not getting to the people who asked for it because THEIR admins use the blacklists.
How about a little perspective?
Last week the spammer was at the address Paul's website is on. Now when I dig for the spammer's IP address, it's somewhere else. Assuming the spammer is no longer on Yahoo, Paul needs to get Yahoo to tell SBL they're gone.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
So, logically, the hoster, by letting its client spam, is also a spammer, albeit indirectly.
So, it's only normal and logical that the hoster be also listed by the blacklist!
The idea of a blocklist is to cut spamming at the source. Very often, hosters will move spammers around, giving them a new IP address when the old one gets blocked. So it's normal that blocklist operators eventually tire of playing whack-a-mole and simply block the whole network.
When anyone lets spammers roam freely on his network, they are spam supporters and deserve to be blocked.
And spam support need not be only letting spam e-mails out, but it can also be the provision of any kind of internet service to spammers, like DNS, domain registration or hosting of a spamvertized website.
So, yes, it is only fair to also blacklist ISPs who, even though they don't let spam flow out of their networks, nevertheless provide spammers with valuable services such as domain registration, DNS or web-hosting.
If no one would provide spammers those vital services, spammers would vanish quickly.
So, until spammers vanish, rogue ISPs who provide spammer services will be fair-game for blacklists.
What you are promoting is the tactic known in the real world as "Collective Punishment". This is the situation where retribution is meted out to anyone in the vicinity of the concerned party (innocent or not) in order to pressure that party to change. In this case, you find it acceptable that innocent users could get hurt (innocent, probably non-tech savvy users who don't know much about other ISPs or SPAM, or anything) just so that you can put pressure on ISPs to change their ways.
Now here's the fascinating part: you link to the site antiwar.com which has not 1, not 2, but 423 pages decrying the use of collective punishment.
If that's not hypocrisy, I don't know what is. Sure email's not a life and death situation, but the principle is the same in both cases. Don't like it when innocent people get their homes destroyed? You should hate it when innocent people get their IPs blacklisted.
1. Publish your own list.
2. Get sued for libel ("How dare you list my IP as a SPAMMER?").
3. Counter-sue, showing proof that your list is honest/truthful/accurate ("Because this SPAM was in fact sent from it on this date at this time!").
4. PROFIT!!!
y'all please excuse me, this looks viable...
Take the 90-Day Challenge! http://rwmurker.bodybyvi.com/
The BOTTOM LINE is that RBL's work.
I swear by them and I've tried every conceivable spam solution and continue to do so. I've been running large scale Internet servers for more than ten years.
RBLs do one thing that no other solution addresses: They counter the theft of resources by spammers. All other anti-spam solutions require even more resources to stop spam and do very little to curtail spammer's theft of bandwidth. So ironically, ISPs end up spending more money and resources in the process of dealing with the flak from spammers' theft of bandwidth and resources.
I've had to implement mail servers that are 4-5 times more hefty than my legitimate mail needs, just to maintain base services for my clients. That's bullshit, and that's because spammers steal resources. I'm sure as hell not going to spend even more money to stop spam when it doesn't put a dent in the real issue of spammers wasting bandwidth and network connections. RBLs shut spammers down quickly and keep them from wasting my system resources.
Spammers hate RBLs more than anything else. It's the one solution that lets them know their crap isn't getting through. Nothing else does.
Sure, I've ended up on RBLs, but it's not difficult to get removed. In the past, I've gone on rampages when things like this happen, but time has weeded out the irresponsible RBLs and made it easier. Anybody who complains about RBLs probably engages in questionable SMTP traffic on occasion. I've never met anybody who really had a problem with them unless they were violating the TOS of their ISP in the first place. This especially goes for broadband customers who throw up servers in DUL IP space and get their panties in a wad because they realize their homebrew SMTP server, however legitimate, is being RBL'd. Most of those people are violating their ISP's terms of service by doing so, and if they're not and they're caught in an RBL because they're intermixed among IP space held by moron, worm-infected broadband users, it's their ISP's fault, NOT the RBL's.
You stop spam by:
1. Enforcing existing laws on the books - almost all spammers are violating the plethora of existing computer tampering and mail abuse laws - problem is they're not being enforced.
2. Whitelisting SMTP relays. Nobody wants to talk about it, but this is the future. It WILL happen, especially if we move to IPv6, which will create a huge nightmare in terms of tracking spammers. SMTP licensing and whitelisting will work, but it's a four-letter word people don't want to talk about until things get worse.
3. RBLs are the next-best thing to whitelisting. You blacklist irresponsible IP blocks and refuse to allow SMTP traffic from them. It's the ONLY way to force bad ISPs and administrators to stop polluting the Internet.
I was around when SMTP relays used to be wide open by default. There was a time when anybody could use anybody's relay, then the spammers came along and ruined it. Shortly thereafter, it was the RBLs that forced admins to close their SMTP servers - everybody hated it, but now it's the accepted practice. RBLs have done more to enforce responsible Internet use than almost any other service. They're here to stay.
Excuse me, but who's been shot?
No one?
Then your analogy is not accurate.
Certain admins running certain email servers are rejecting/flagging his messages because they come from a "bad neighborhood".
No one is being shot or physically injured in any way, fashion or form.
And that is a valid option and a valid choice.
But I'm the admin for a company of about 150 people. 400 messages a day x 150 people = a problem.
So I use a few blacklists and deny the connections. No one gets shot, no one dies.
There is always the phone and I do include my phone number in the rejection notice. If a person gets the reject notice, that person can call me or the person s/he was trying to email and I can make a specific exception.
I've blocked over a million spam messages yet I've only had 4 calls (Bell South is staffed by idiots).
I have 3 executives here who are 100% behind my anti-spam efforts. You might not mind manually deleting 400 messages a day, but they do.
So what do you do about it? Not sure there's a good answer, other than the people who get hit with the collateral damage complain to their email/hosting provider to get rid of the spammer, and email recipients who want to avoid collateral damage can do things like use the blacklist as a SpamAssassin weight instead of total blocking, or use the blacklist to drive greylisting (e.g. tell BL'd addresses to come back in an hour, though spammers hosted at real ISPs are more likely to have real SMTP servers that get around greylisting, as opposed to zombies which usually don't.)
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
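The three ways of using a blocklist named in the comment above (outright blocking, a SpamAssassin-style weight, and greylisting), as an added Python example that is not part of the thread. The zone `dnsbl.example`, the 3.0 weight, the 5.0 threshold, the content scores and the `.example` addresses are assumptions, and a fixed set of listed names stands in for live DNS answers.

```python
import ipaddress

GREYLIST_DELAY = 3600  # seconds; "come back in an hour"


def dnsbl_query_name(ip, zone):
    """Build the name a DNSBL client looks up: reversed IPv4 octets + list zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


class Gateway:
    """Applies one of three policies to mail arriving from a listed address."""

    def __init__(self, listed_names, mode, zone="dnsbl.example",
                 bl_weight=3.0, spam_threshold=5.0):
        self.listed_names = set(listed_names)  # stands in for live DNS answers
        self.mode = mode                       # "block", "score" or "greylist"
        self.zone = zone                       # hypothetical list zone
        self.bl_weight = bl_weight             # assumed weight for a listing
        self.spam_threshold = spam_threshold   # assumed tagging threshold
        self.first_seen = {}                   # (ip, from, to) -> first attempt

    def handle(self, ip, mail_from, rcpt_to, content_score, now):
        listed = dnsbl_query_name(ip, self.zone) in self.listed_names
        if self.mode == "block":
            return "550 rejected" if listed else "250 accepted"
        if self.mode == "score":
            # The listing is one signal among several, not a verdict.
            total = content_score + (self.bl_weight if listed else 0.0)
            if total >= self.spam_threshold:
                return "250 tagged as spam"
            return "250 accepted"
        if self.mode == "greylist":
            if not listed:
                return "250 accepted"
            # Temp-fail the first attempt; a queueing MTA will retry later.
            key = (ip, mail_from.lower(), rcpt_to.lower())
            first = self.first_seen.setdefault(key, now)
            if now - first < GREYLIST_DELAY:
                return "451 try again later"
            return "250 accepted"
        raise ValueError("unknown mode: " + self.mode)


# Constructed scenario: one listed /32 shared by a newsletter and a spammer.
SHARED_IP = "66.163.161.45"  # the /32 quoted in the thread
LISTED = {dnsbl_query_name(SHARED_IP, "dnsbl.example")}
NEWSLETTER = (SHARED_IP, "news@essays.example", "reader@corp.example", 1.2)
SPAM = (SHARED_IP, "offers@shop.example", "reader@corp.example", 4.0)


def run_scenario(mode, spam_retries=False):
    """Return the replies each sender sees; retries happen 61 minutes later."""
    gw = Gateway(LISTED, mode)
    replies = {"newsletter": [gw.handle(*NEWSLETTER, now=0)],
               "spam": [gw.handle(*SPAM, now=0)]}
    retrying = ["newsletter"] + (["spam"] if spam_retries else [])
    for name, msg in (("newsletter", NEWSLETTER), ("spam", SPAM)):
        if name in retrying and replies[name][0].startswith("451"):
            replies[name].append(gw.handle(*msg, now=61 * 60))
    return replies


if __name__ == "__main__":
    for mode in ("block", "score", "greylist"):
        print(mode, run_scenario(mode))
    print("greylist, spammer retries", run_scenario("greylist", spam_retries=True))
```

Only the weighted mode separates the two senders on the shared address; greylisting delays both and, as the comment says, stops only senders that never retry.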
Don't like blacklists? Start spamming them. Report spam as having come from every ISP you can imagine. Soon the RBLs won't be able to know legitimate sites from sites that actually have sent spam (moreso than at the present moment) and thus will become useless. They'll either start blocking too large a percentage of the net to be useful (people won't subscribe) or they'll have to start thoroughly investigating the claims.
Someone should write an article about the dangers of Paul Graham. For someone who objects to the inevitable politics of opposing groups or businesses clashing together, he certainly seems to do a representative job of clashing with same.
The answer to spam isn't going after the spammers. It's going after a) those who push their products via spam, and b) the morons who buy their products. That's why I support email viruses via spam. When people are afraid to open an email if they don't know what it is, the market will die. Kill the market and the spam will go away.
Give a man a fish and he'll eat for a day. Teach him to fish and he'll wipe out the species.
I would hardly think the threat of being blacklisted as a spammer would inspire "terror". It might be called criminal, or a conspiracy, but I don't think "terrorism" is very appropriate.
-- Programming with boost is like building a house with lego. It's a cool but I wouldn't want to live in it
We were a Lotus Notes shop back in the day with a mail gateway running 5.8 I think it was. We got black listed by orbz.org. I thought the concept was great and labored to resolve our open-relay problem. I finally discovered that it was an unfixable bug in the Lotus Notes mail server. Before it reached critical mass, orbz.org was sued by someone and the problem fixed itself.
IMO, this experience taught me that blacklists, while well-intentioned, could be a bit draconian....
"All great things are simple & expressed in a single word: freedom, justice, honor, duty, mercy, hope." --Churchill
You seem to be confused about what a vigilante is, dictionary.com gives me this: "One who takes or advocates the taking of law enforcement into one's own hands."
Yes. Law enforcement: not civil agreements between ISPs to carry email traffic. It's not vigilantism when two parties negotiate an agreement over a legal dispute; it's not vigilantism when someone advocates not hiring people with a criminal record; it's not vigilantism when someone throws away postal mail that is postmarked from a known stalker's house.
Blacklist maintainers are not vigilantes: they aren't breaking any laws, nor are they advocating anyone break any laws. They're not opposed to due process, nor any other feature of the law, much less condoning "taking the law into one's own hands".
They do advocate that people who break social conventions be ostracized by not dealing with them, and they publish lists of people they feel have broken those social conventions.
Vigilantes are typically guys who do bad things, for what they feel are "good reasons". They are the guys who go out, and blow up buildings that belong to "corrupt" officials. They kill people who they feel are undeserving of life, but who the law doesn't condemn. Terrorists are one example of vigilantes; Robin Hood is another.
The blacklist people don't advocate blowing up buildings, killings, or any other form of taking the law into one's own hands. Instead, they advocate legal use of financial and social pressure to prevent what they feel are abuses. Sometimes this inconveniences people who feel they should not be inconvenienced, and these people feel legitimately angry. They have a right to complain about the service they get from the people who provide it, and, if dissatisfied, find another provider.
But nothing illegal is going on, nor are the people you condemn as "vigilantes" advocating any form of illegal act, so there are no vigilantes in this discussion.
Understand yet?
--
AC
He's not just on a bad street, and the vigilantes aren't shooting randomly with machine guns. He's got an office in the same building as a few mafiosi, and the vigilantes are very carefully using sniper rifles and only sniping at people who come out of that building's front door, and the front doors of a few other houses on the same street. They just aren't looking at *who* walks out the door.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Does your government put a neighbor family through torture just because you got a parking ticket?
Dude. Whatever it is you're smoking, you need to cut the dose. Seriously.
Comparing people who make a list of known spam hosts to governments torturing innocent people?
Take a deep breath. Once you've calmed down and are willing to stop the (absolutely stupid) analogies, then we can talk.
I've been on several ISP's over the years and not a single one has EVER blocked ANY email to me.
EVER.
I get TONS of spam on my personal accounts.
Can ANYONE give me the name of a single ISP that will block email so that it can be confirmed?
It's far easier for an ISP to put a limit on mail box capacity and do smtp-time rejection based upon that.
What they do is allow others to block email between two different people, simply because they run the mail servers that sit between them.
If you're a user who is getting mail from a mail server that has RBL's on it, then you either own/run the mail server or you pay money to somebody who owns/runs the mail server.
Period.
In the case where you're paying money to somebody, then you're either:
a) For the idea, in which case you have no complaints or
b) Against the idea, in which case you can stop paying money to the person who owns the mail server (the ISP) and switch to somebody else.
If B was actually a significant proportion of users, then ISP's wouldn't use these blocklists. Free market economics at work.
The fact of the matter is that B is not a significant proportion of users. The people complaining about this sort of thing are people who get mail they SEND blocked because the receiver is using an ISP that uses these blocklists. And you know, the sender of mail has no real say in the matter as to whether the mail they send gets delivered or not, in this case.
The solution of switching ISPs to somebody who isn't spam friendly and thus won't get blocked never seems to be taken seriously. Again, free market economics are at work here.
Because RBL's work. The concept of collateral damage works. If it didn't work, then ISPs would not use these lists. They don't have to. No system comes setup to use these RBLs enabled by default. ISPs have to enable them or set them up. And they do that because they work. It's real simple here.
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
My employer found that 90% of all spam and viruses originated from zombie PC's on DSL connections. We previously blocked any SMTP gateway whose reverse DNS entry resolved to a hostname that looked like a dynamic DSL/dialup address. We felt that a reputable business would ask their ISP to create a reverse DNS entry for their gateway.
Alas, a number of small business owners or home experts wouldn't pay the fee for the reverse DNS entry (cheap bastards they are).
signature pending slashdot approval
He never suggests the creation of another list: his point is that someone might create one but it would be pointless.
You are missing the point. Just because the RBLs you're using have blocked some SPAM, and only blocked "THREE" false positives, does not mean that the process is viable. Look, I've got three RBLs configured in my mail server. On top of that I use per connection limits, and have set up RCPT throttling. On top of that I hacked the sendmail source (simple one liner) to hang up on connections that do too many RCPT requests in one session, to really stop the dictionary attacks. And you know what? The fuckers just upped the number of connections across varying IP addresses and continued with their dictionary attacks as before. I had set up a fork limit to sendmail until the SPAMMERS opened so many connections it actually blocked legitimate incoming mail. So where does this end? When folks regularly begin seeing sendmail consume a mail server's entire process table with inbound SPAM connections? Because they'll do it. They have enough zombie bot resources. Face it, there's no stopping these guys with an open protocol. It's that simple. --M
But this is different - this is ONE IP address - the SBL record identifies it as a /32. Virtual Hosting means that it's possible to have multiple domains all using the same IP address for their email or websites, and if you're going to blacklist based on IP addresses, it doesn't get more granular than one address (unless you want to do things like have different return codes for "address has one spammer and some non-spammers".) So if one IP address has 100 legitimate users and one spammer, and you receive email from them, is it more likely that the mail is one of the 10000 (100 users x 100 messages/day) good messages, or one of the 1,000,000 spam sent by the spammer? 99% likely that it's spam; sorry if it was Paul.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Don't buy anything from it!
Who the hell keeps giving these people money?
I swear if anyone I knew bought anything from spam, I'd have to torture them to death.
Your analogy is freakin' terrible.
Paul hasn't been shot. Emails he tried to send have not been delivered. Drawing a comparison between physical violence and the fact that a guy can't send email is rather disingenuous.
What's worse is that you still got the analogy wrong. Nobody has attacked Paul. His mail server is fine. HE CAN STILL SEND EMAIL. Other people, however, can CHOOSE to reject his email because of his IP being on a list. Nobody's touched his servers.
To use your crappy analogy, nobody's shot anybody. Instead, they've put his address on a list and then people who want to know about where the bad parts of town are can read that list and think that Paul is bad because he lives there too. Then they can throw mail he sent them away based on that.
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
If I got mugged several times delivering pizza to other people in Paul's apartment building, then I'm probably not going to deliver it to Paul in that building. If he wants my pizza that badly he can hire someone else to pick it up and deliver it, that's not my problem.
Assume we are having an argument about the effect of illegitimate use of a certain class of service on the service as a whole.
[service] can be used for legitimate or illegitimate purposes. However, the presence of any illegitimate use on a subsection of [service] is evidence that the entire subsection is polluted and dangerous to [service] as a whole. The subsection should be disabled and all its users forced to endure downtime until they can prove that they have cleaned up their act and are no longer transmitting illegitimate content.
[service] can be used for legitimate or illegitimate purposes. However, the presence of illegitimate use on a subsection of [service] is the price we have to pay for the benefits of [service] as a whole and our obligation to preserve the use of [service] for legitimate users on the same subsection as purveyors of illegitimate content. We should be careful to only act against those individuals who are polluting [service] and minimize collateral damage.
Which conclusions will you pick when [service] is "email"? Now how about when it's "P2P"? Because the situations and starting positions leading to the two conclusions above are pretty much identical.
You can't trust blackhole lists. Too many non-spammers are blocked. Businesses lose customers when their email is very silently blackholed.
They tell people to "Get a different colo" which is just ridiculous. Or, they'll tell you to pressure your colo to stop hosting spammers.
Mine *doesn't* host spammers, and I'm in a contract. I can't pressure them to stop hosting spammers if they don't host any.
I stopped using RBLs/MAPS/SPEWS years ago and have never looked back. Even more interesting is that the volume of spam *did not* increase, but the complaints about being bounced/not getting through decreased.
> I've always been a little uncomfortable with the underlying assumptions white=good, black=bad. I prefer to describe such lists as "blocklists" and "accept lists"
That's ridiculous.
You are putting racial overtones into something that has NONE. They aren't "African-American-Lists" and "Caucasian-Lists". They are black and white, as in NIGHT and DAYLIGHT. Since we've been huddled in caves a pitch black night has been dangerous. Predators hunt by night. Criminals work by dark.
This is as silly as the feminist movement protesting the word "Chairman" and having it changed to "Chairperson". The origin of the "man" in "chairman" is the word "manipulate", "mano" (hand), etc. NOT male.
- For the complete works of Shakespeare: cat
If you're running a mail server on a dynamic IP, then you're a fucking retard who should be blocked for being so fucking retarded. Moron. Pay the extra $5 and get a static IP. Then you'll have something worth complaining about.
The problem with blacklists is that -- the guy who recently had a story on spam here, at acme.com, put it nicely -- blacklists start off good, but always turn corrupt and start blacklisting excessively.
Suppose a "distributed" blacklist were created. I could blacklist the whole Internet, but I'd be the only one, so it wouldn't mean a thing. On the other hand, if 75,000 people have blacklisted an IP, there might be something there.
It needn't be totally distributed, I don't think. A community-run site, where, whenever you get obvious spam, you post the originating IP, could work. You'd post it, and that IP would have, say, 10 "points." The rating would "decay" by one point a day, so a site listed, but that went clean, would quickly leave the list: in ten days, each rating would be down to zero.
You could then simply query the site for a given IP, and it'd return the "points" a site had. This also allows you a lot more customizability: if you were obsessed with blocking all potential spam, you could block anything with more than 5 points. If you wanted to be careful, you might set it to, say, 1000 points.
Unless the people running the site keeping track of the ratings begin blatantly making up ratings, this idea means that a blacklist is much less immune to being "bad." And it allows IPs to "fade" out of the list over time.
________________________________________________
suwain_2
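The point-and-decay scheme proposed in the comment above, as an added Python example that is not part of the thread. The class and method names, the sample IPs, dates and reporter ids are constructed, and keeping one live rating per reporter per IP is an assumption the comment does not specify.

```python
from collections import defaultdict
from datetime import date, timedelta

POINTS_PER_REPORT = 10  # from the comment: a posted IP gets 10 points
DECAY_PER_DAY = 1       # from the comment: the rating decays one point a day


class DecayingBlocklist:
    """Community list in which every rating decays linearly to zero."""

    def __init__(self):
        self._reports = defaultdict(dict)  # ip -> {reporter: day of latest report}

    def report(self, ip, reporter, day):
        # Assumption: a repeat report refreshes that reporter's rating, so one
        # person listing "the whole Internet" adds at most 10 points per IP.
        latest = self._reports[ip].get(reporter)
        if latest is None or day > latest:
            self._reports[ip][reporter] = day

    def points(self, ip, today):
        total = 0
        for day in self._reports.get(ip, {}).values():
            age = (today - day).days
            if age >= 0:  # ignore reports dated after the query day
                total += max(0, POINTS_PER_REPORT - DECAY_PER_DAY * age)
        return total

    def blocked(self, ip, today, threshold):
        # Each subscriber picks a threshold: "more than 5 points", or 1000.
        return self.points(ip, today) > threshold

    def prune(self, today):
        """Drop fully decayed ratings; return how many IPs remain listed."""
        lifetime = POINTS_PER_REPORT // DECAY_PER_DAY
        for ip in list(self._reports):
            live = {r: d for r, d in self._reports[ip].items()
                    if (today - d).days < lifetime}
            if live:
                self._reports[ip] = live
            else:
                del self._reports[ip]
        return len(self._reports)


DAY0 = date(2005, 3, 1)    # constructed start date
BURST_IP = "198.51.100.7"  # constructed: three users report it once, then it goes clean
STEADY_IP = "203.0.113.9"  # constructed: a different user reports it every day


def build_sample():
    bl = DecayingBlocklist()
    for user in ("u1", "u2", "u3"):
        bl.report(BURST_IP, user, DAY0)
    bl.report(BURST_IP, "u1", DAY0)  # same user again: does not stack
    for n in range(30):
        bl.report(STEADY_IP, "daily-%d" % n, DAY0 + timedelta(days=n))
    return bl


def timeline(bl, ip, days):
    """Points for `ip` on each listed day offset from DAY0."""
    return [bl.points(ip, DAY0 + timedelta(days=n)) for n in days]


if __name__ == "__main__":
    bl = build_sample()
    print("burst :", timeline(bl, BURST_IP, [0, 4, 8, 9, 10]))
    print("steady:", timeline(bl, STEADY_IP, [0, 5, 29]))
```

With these rules a host reported by one new user every day plateaus at 55 points, so the comment's cautious 1000-point threshold only trips when roughly nineteen distinct users a day keep reporting the same address.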
Greylisting is especially appropriate for the DialUp List type of blocklists, that track dynamic IP addresses. They might be legitimate users running Linux at home, or they might be zombies, and greylisting usually keeps the zombies out.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Okay, I think that YOU are the one that does not understand an "analogy".
An analogy is a comparison between two pairs that have the same relationship. They do, which is why I asked who had been shot.
Here's a site to help you: http://www.epcc.edu/faculty/joeo/sa_analogy.htm
Your "analogy" is:
bad IP address:blocking by email admin
as
bad neighborhood:vigilante shooting
So, no, your analogy makes no sense in this context unless you somehow equate an email message being rejected as being similar to a person being killed.
Here is my very own private /etc/mail/access blocklist which I use on my own mail server:
1. If the blogger doesn't allow comments, it's not worth reading.
./, but at least on this forum we can comment on the dubious nature of his self-serving propaganda. He won't allow anyone to question his statements on his own site.
If you want to slap stuff up and not give anyone the opportunity to comment or correct your work, chances are you're not really interested in being truthful or accurate.
Paul Graham's "essay" is a mean-spirited vengeful attack on RBLs because he's been caught in them. And ironically, he shows he's a total hypocrite by claiming the RBLs are abusing their power, all the while he abuses his own power and influence by writing a one-sided wholesale condemnation of RBLs.
I agree, his lame diatribe probably isn't worth mentioning in
Hear that sound? That's whatever's left of Paul Graham's credibility being flushed down the toilet.
At least for us...
According to our Anti-Virus, Anti-Spam gateway, only 1/2 of 1% of the messages being stopped by the gateway were being stopped because they were on an RBL...
I stopped using it because I figured the overhead/bandwidth being consumed wasn't worth it...
If somebody wants to make a list which will let people block information about X, whatever X is, then I have absolutely no problem with it. They're making a list as they see fit.
If people then want to use this list to block X from their systems, then I also have absolutely no problem with it. Their system, they can block anything they choose by any means they choose. Not my say.
Now, if the people who make the list decide to block whole ISPs because they host information about X, you say I'm supposed to have a problem with it? Bullshit.
It's their list. They can do whatever the hell they want to do with it. The people who use their list, well, they can do that too if they so choose. I don't see how I should have any say in how they run their list. If they want to block entire ISPs that host blogs of people who have political views they disagree with, then I may consider it dumb, and I certainly won't use their list, but I'm not going to say that they shouldn't make such a list.
They can list any damn thing they please. The only choice I have to make is whether or not their list is useful for me to use or not.
RBL's are useful to a large number of people. This is why they exist. If the notion of blocking whole ISPs works for the people who use that list, then so be it.
If I was to get blocked, and I thought it was unfair, then I'd be angry, sure. I'd try to argue my end of it and I'd try to get removed from the list. But never, EVER, would I say that they have no right to list me on their list or that other people have no right to use that list to block me.
Now, if they blocked me because I used a specific ISP that these people didn't like, then it would motivate me to decide whether using that ISP was worth being on that list or not. You pick your side. You support the ISP or not. That's it. Just bitching about it doesn't help anything, because what they put on their list and how other people use that list is totally out of your hands.
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
http://archives.neohapsis.com/archives/postfix/2005-05/1770.html
The postfix-users list wound up in SORBS because the admin was sloppy.
Read the thread. That's the attitude that you get from blacklists. It's *never* "their fault" - somehow it's *your* fault. That's just bullshit.
I was victimized too. Because someone hijacked some IP space that I used to provide ptr dns records for, somehow they feel as though my IP space is hijacked as well, SPEWS feels as though my IP space must be hijacked and I must be a spammer as well.
And other spam-blocking lists use SPEWS info, so I am banned through them as well.
The worst of this is, this is all hearsay and libel and there's nothing I can do about it. I found that one non-profit ISP started using SPEWS and my mail to that server bounced, but luckily I knew the guy and just called him up and told him and he got rid of SPEWS.
The whole blacklisting idea is just bad. All you need is a few vengeful cranks to make the whole thing fall apart.
Oh, the IP space in question is 205.159.169.0/24.
So, there you go.
It is funny how people here whine about flawed analogies when it comes to things like "copy right infringement," but flawed analogies like this one are deemed not to be flawed and get a +5.
What machine guns? You know what a boycott is, right? All they are doing is refusing to do any business or have anything to do with that neighborhood.
Besides, it is more like they are reporting things to the proper authorities, and the proper authorities are refusing to do anything about it. Heck, sometimes the "proper" authorities know about these activities, are profiting from them, and are encouraging them. Thus they refuse to do business or have anything to do with this neighborhood.
How is renting a car, hanging out with crack dealers????
Crack dealer rents car. Crack dealer steals someone's stash, and escapes in said car. Crack dealer returns car. The next day, you rent said car. While driving out of the neighborhood, the former owner of the stash sees the car, decides he wants revenge, and guns you down.
QED.
funny munging
This doesn't describe blacklist maintainers.
Blacklist maintainers are cynical, bitter, little men who care nothing for the people they hurt so long as they get a spammer. They deliberately target innocents in the hopes that the innocents will complain to the higher power to get rid of the things that bothers them. This leaves little to distinguish them from terrorists other than the fact that they don't kill people. Their deeds are less dark, but their tactics are the same as the Madrid bombers who hurt innocent people to push them to choose a government more favorable to their wishes.
Nonsense. Blacklist maintainers are journalists; they document abuses, and where the trouble comes from.
If someone wants to impose a trade embargo on the region where the abuses came from, that's their right. If that person fails to notice when a change of regime comes in, that's also their right. It's certainly not the fault of the journalist who documented the original abuses.
Certain, innocent individuals in the region where the trade embargo has been imposed tend to get upset: but that's the point. That doesn't make trade embargos terrorism; and the journalists who document the abuses certainly aren't terrorists.
Get your metaphors straight. Asking its members to put financial pressures upon a corrupt ISP by blocking that ISP until it stops spamming isn't that unreasonable: it's profiting by spam, and until it's unprofitable, it won't stop.
Worse yet, if a company can sell to spammers, and undercut its competitors by its lack of spam controls, then the customers who permit the spammers benefit financially at the expense of everyone else. So no, I don't mind "paying to see people get hurt", since those people were sitting back, and making money by letting others hurt me.
If the truth hurts, then let it hurt. If you're buying milk from the Mob, and they can't deliver it to you because the supermarket won't sell to them now that they know what the Mafia has been up to, well, that's your fault for choosing Mafia Milk Delivery.
It's not the fault of the journalist who pointed out that the Mafia threw some poor guy in a woodchipper. And the journalist is not a member of Hamas, and the supermarket is not a terrorist for pointing it out, and it's not their fault you can't get your milk: it's yours, for choosing a corrupt dairy service provider.
--
AC
Gentlemen,
You do realize that Paul Graham is in the business of pushing Bayesian anti-spam filtering, which he claims as 'the best' solution to spam. For a long time Graham has been spreading FUD about other anti-spam solutions, in particular blocklists. We're well used to hearing utter bollocks about blocklists spread by him.
Yesterday we listed on the SBL an IP of a spammer which as luck would have it is being shared by Paul Graham. We of course can not simply give the spammer carte blanche to spam our users because Paul Graham is also using the same IP. Graham has no concern for the fact he's sharing his IP with a spammer, and rather than contact his ISP to ask what a spammer is doing sharing his IP he simply sees a PR opportunity to bolster his "blocklists are evil, bayesian is good" campaign. I'm only surprised this actually made Slashdot.
Steve Linford, CEO, Spamhaus
Total Processed - 2,260,811
New Senders - 0
Total Spam - 1,915,404
Keyword Checking - 4,818
Header Checking - 5,283
Blacklist - 21
Bayesian Analysis - 35,248
DNS Blacklist - 0
SPF - 354,726
Directory Harvesting - 1,515,308
Spam URL Blacklist - 0
Spam Percentage - 85%
Anyone blacklisted by these services need not worry about getting in touch with me, unless they *really* are pushing spam. I say we all abandon these antiquated tools and move on that doesn't put all the power in the hands of the few and let the internet manage itself again.
I have my own CMS web site with forums, and some eastern european people from my nationality get there, I have a live chat too. I wanted my site to have registration, and the best way is with an e-mail. Then the problem starts. The confirmation e-mail is often blocked even by yahoo mail servers. So I have to use SMTP forward. My yahoo SBC account is perfect for that. I hope the yahoo smtp servers will not be blacklisted.
My MTA is XMAIL server <URL:http://www.xmailserver.org/>
I believe your MTA should support smtp forwarding and you can use the user name and pass for your DSL account, or I should say your PPPoE user and pass.
Good Luck!!!
Agreed. This same kind of argument against anti-spam blacklists has been used for years, and has caused plenty of thousand-message flamewars, but never really produced any effective alternatives.
Collective punishment is a war crime. ORBS and the other irresponsible asses who level entire subnets just to squash a spammer at one address are not doing anyone favors. They are too lazy to create a listing system that is granular enough to properly address the situation they purport to 'help us' all by addressing.
He states it clearly in his article: You can't screw over innocents just to make the guilty pay.
He's too cheap to pay for dedicated hosting. He saves money by sharing resources with a violator. Would you be offended if your roommate was a drug dealer and the cops were so rude as to search your room while serving the warrant to search the house? You are stupid enough to live with a crack dealer because the rent is cheap. So why would that make you "innocent" when the crack dealer is found out?
Learn to love Alaska
The rest is history (or should i say present.)
Ocean is land, covered with water.
Not RBLs are equal...
My company furnishes a RBL/IP4r database called MXRate. No subjective human analysis is used whatsoever, and we do not block any subnets. Everything is 100% automated.
We average a .02% false positive rate, and the only time we edit records manually is if there is in fact a false positive. Otherwise, if a server stops sending spam, it falls off the list in a few hours.
MXRate was specifically engineered to overcome these shortfalls that are present in other blacklists.
That isn't a very valid representation of the situation. Here's a better one:
You rent a storefront in a strip mall. The guy with the storefront 2 down from yours is selling drugs out of the back of his shop. The police raid him and shut down his store. Then they shut down all the other stores in the strip mall because the owner of the strip mall rented space to a drug dealer.
does that sound reasonable?
Darth --
Nil Mortifi, Sine Lucre
I am a normal home user; I subscribed to Comcast. Why isn't there an email client that allows me to decide what's delivered to my box instead of having to use a blacklist? I don't do business with any country other than the US, so how can I block emails from all the other countries? That's where all the IPs are from in the spam I get. Why can't I have a choice of: this is spam, do I want to block this IP address, not the email address, since 99% of spam's email doesn't match the IP address. That should be my choice, and also to have the choice of not receiving the email at all, not just putting it in a spam folder and calling it a spam blocking program, because it's not. I still have to look through the spam folder, so what's the point? It doesn't save me any more time. If there was a good choice of something to use instead of a blacklist I would use it, but because none of these ISPs want the end user to have that much control of their email, since they have partners they make money from allowing them to send spam....
Jack of all trades,master of none
Anyone on a blacklist isn't a real spammer. They are either a clueless company with an open relay (blacklisting them is fine cause it gets them to fix it) or it is a newbie spammer, sending out from a known spamming source (and fine ban them).
Thing is real spammers, spam and run via zombie machines, hacked wifi connections, etc. They move about, constantly switching their source.
We need to stop thinking blacklisting is the only way. More people need to adopt SPF records.
-Eod
Graham has written some insightful and well thought out stuff, but this is just sloppy:
I find it amazing that blacklists which mail servers must opt-in to use are somehow terrorism. Are you suggesting that these innocent people have some fundamental right to contact my mail server and send mail? They certainly don't; it's my mail server. I can use any methods I like to filter out mail, including choosing to rely on one of the IP blacklists. This can only be terrorism if random people have some sort of human right to send mail to my machine. I hardly think that's a right.
Come to think of it, apparently organizing against tangentially related people to stop another problem is terrorism? By that strange standard you could call advertiser boycotts terrorism: you're trying to influence some media outlet by negatively influencing advertisers on that outlet. They often have the same claim of innocence ("I didn't know that they would run that article! I just buy bulk advertising rates.")
(Now there are problems with blacklists, perhaps most significantly that many ISPs use them without informing their subscribers or allowing them to opt out. Blacklisting unaware users who happen to share a machine with a spammer's website is definitely a complex question.)
I totally agree that "chairperson" is clumsy. I much prefer simply "chair".
And I note that it is *you* that thinks this is a race issue. I just said that I didn't get the black=bad, white=good paradigm, (detour via caveman analogies notwithstanding). I never mentioned race (other than to note that others would shoot me down because they would jump to that conclusion).
As for the main point, as I pointed out in another post, on a practical level, "block list" and "accept list" are just much more meaningful in explaining what the lists do. Why would anyone choose to use alternatives that are less meaningful *and* may be looked upon with distaste by some? The only reasons I can think of are (a) ignorance/laziness or (b) a deliberate "anti-PC" mentality. So which are you? You surely won't attempt to claim that "blacklist" is more meaningful than "block list" will you?
My next sig will be ready soon, but subscribers can beat the rush
Paul Graham ate my balls.
You have got to be kidding me. _This_ is news? Come on, this guy can't even get his facts right. First major glaring error I see:
As of this writing, any filter relying on the SBL is now marking email with the url "paulgraham.com" as spam. Why? Because the guys at the SBL want to pressure Yahoo, where paulgraham.com is hosted, to delete the site of a company they believe is spamming.
How about you do some research Paul? The SBL does not block based on domains, only IP addresses. DNSbl lists are always IP based, RHSbl lists are domain based.
I always found the SBL to be a very reliable DNSbl to use, and have never lost a legit e-mail to it before.
But hey, what do I know? I'm just one of those evil anti-business DNSbl admins (AHBL anyone?).
Brielle
What kind of fuckwit sysadmin would leave this option on? Everyone knows spammers don't use their real e-mail address, so what possible purpose could it serve to send an e-mail to the 'From' address of the message telling them the message was discarded because it was SPAM?
I have ZERO sympathy for ISPs who get blacklisted because they relayed SPAM. Get your shit together.
"A much better way to cut down on spam is to use $technology_I_created."
Ironically, the word ironically is often used incorrectly.
Fortunately your title perfectly captured the content of your post. The mail admin (MA) has ALWAYS had the capability to block those emails. What the black list is supposed to provide is a listing of mail sources that conform to criteria X, so that MA can decide whether to block those sources. The only reason MA can block mail between two people is because A) One of those people has trusted MA to handle mail for them, or B) One of them is a A**hole attempting to relay mail through my server. The second MA doesn't need a blacklist for, a properly configured server handles them.
The problem addressed by TFA is that some Blacklist maintainers are going off mission and are blocking sites for reasons other than criteria X. So while I might want to use an account that only blocks sources that have actively spammed a list of "seed" addresses in the last hour, I'd be quite pissed to find they were also blocking Walmart because they opened a store nearby.
I do what I can to monitor my Blacklists, and weed out the ones that seem too aggressive. Some seem to suck far more than I would expect given their charters, I suspect they may have been up to this sort of monkey business.
My other car is a Popemobile
Hi Steve,
I totally agree with your comment. Paul *should* be contacting his ISP to see what they are doing about the problem. He is choosing not to contact them to hyperbolize his problem (and thus advocate Bayesian filtering instead).
However, I also think that Paul has a point when he writes, "I do think that whether an email comes from a server on a list of (supposed) spam sources is just one piece of evidence among many, and probably fairly unimportant evidence compared to the content of the email."
Since the SBL has been quite good about listing individual spamming IPs (not whole "collateral damage" ranges a la SPEWS) people have decided to rely on it quite heavily. This is both a curse and a blessing. Of course, no single RBL is 100% bulletproof against false positives, and any good solution to blocking spam will be a comprehensive one.
My $0.02,
Jaeson Schultz
Barring that, can we please use the following codes to save bandwidth, sort of like the prison inmates who numbered the jokes?
This guy does not host his own site, he does not care to take responsibility for his actions, he uses cheap mass hosting.
The simple truth is that he trusts a third party with his data who cannot, by reason of scale, look after him.
When he actually owns the equipment, rents the T1, and pays the upkeep on his gear, and buys his own IP range, he will have some control over port 25, and maybe the rest of the world will give him the attention he deserves.
Until then, he will get the attention he deserves.
Everyone who cannot live without email from Paul please raise your hand.
Going away from SMTP, I am currently running a Squid HTTP proxy with a quite long blacklist of URLs and networks of "marketing" and "ad" companies.
I find myself doing for example a lookup of ad.marketingscum.com followed by a whois lookup of the IP address. If I find that they own a larger network like
NetRange: 216.73.80.0 - 216.73.95.255
CIDR: 216.73.80.0/20
NetName: DOUBLECLICK-NET
I enter the complete network into my blacklist. Are there any realtime blacklists for this purpose? This would be quite useful, wouldn't it?
Of course it runs NetBSD. BTC: 1NT7QvbetmANwaMzhpVL6
Worst of all, many RBL's (including ours) pretty much block any dynamic IP pool as "dial-up zombie hell"--but a lot of these IPs get reallocated to broadband as DSL coverage grows, and we end up blocking genuine mail routers and SMTP relays instead.
We have a process for requesting the unblocking of an IP, but about 30% of the time the answer is "tough luck, pal. You (or your client who is trying to reach you) is blocked and we aren't unblocking you." There is no appeal process; if one of our admins decides not to unblock your IP or IP range, you can't reach any of our customers via email.
What, you don't maintain a local whitelist along with your blacklist? Exim, Sendmail, Postfix, Qmail and others all support whitelisting. If it's blocked and you don't want it blocked, whitelist. You don't have to use the lists we supply verbatim.
I don't care what the result or future creation of any type of spam protection -- I just want something that consistently works.
Blacklists *ARE* very useful if used properly. While you shouldn't use a blacklist to reject unilaterally, it is a very strong indicator that a message is spam.
You still get false positives & false negatives though, so don't use a blacklist as the only criterion.
So, configure your spamfilter to rank the message a bit higher if the address is on a blacklist. Combined with lots of other spam characteristics, you can be very sure a message is spam.
SpamAssassin makes this very easy.
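The difference between rejecting on a blacklist hit alone and treating the hit as one weighted signal, as the comment above recommends, shown in an added example that is not part of the thread. The signal names, weights, threshold and the sample batch are all constructed for illustration and are not SpamAssassin's rules or scores.

```python
# Hypothetical per-signal weights and threshold (assumptions, not real rules).
WEIGHTS = {
    "dnsbl_listed": 2.5,   # sending IP appears on a DNS blacklist
    "bayes_spammy": 3.0,   # content classifier says "probably spam"
    "forged_header": 1.5,  # inconsistent Received/From headers
    "spam_keywords": 1.0,  # keyword rule matched
}
THRESHOLD = 5.0


def total_score(signals):
    """Sum the weights of every signal that fired for one message."""
    return sum(weight for name, weight in WEIGHTS.items() if name in signals)


def reject_on_dnsbl(signals):
    """Policy A: a blacklist hit alone is enough to reject."""
    return "dnsbl_listed" in signals


def reject_on_score(signals):
    """Policy B: the blacklist hit only contributes to a combined score."""
    return total_score(signals) >= THRESHOLD


def error_counts(policy, batch):
    """Return (false positives, false negatives) for a policy over a batch."""
    false_pos = sum(1 for is_spam, sig in batch if not is_spam and policy(sig))
    false_neg = sum(1 for is_spam, sig in batch if is_spam and not policy(sig))
    return false_pos, false_neg


# Constructed sample batch: (really spam?, signals that fired)
BATCH = [
    (False, {"dnsbl_listed"}),                   # legit sender on a shared, listed IP
    (False, set()),                              # ordinary mail
    (False, {"spam_keywords"}),                  # newsletter with salesy wording
    (True, {"dnsbl_listed", "bayes_spammy", "spam_keywords"}),
    (True, {"bayes_spammy", "forged_header", "spam_keywords"}),  # unlisted zombie
    (True, {"dnsbl_listed", "bayes_spammy"}),
    (True, {"spam_keywords"}),                   # low-signal spam, missed by both
]

if __name__ == "__main__":
    print("dnsbl only (FP, FN):", error_counts(reject_on_dnsbl, BATCH))
    print("scored     (FP, FN):", error_counts(reject_on_score, BATCH))
```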
With the minor quibble he rented to a drug dealer and then refused to cease renting to him when it became obvious the guy was, in fact, a drug dealer.
At that point, hell yes the police should shut down the whole damn mall, because something funny is going on there.
Of course, this analogy doesn't work, because this wasn't the police, it was simply people refusing to visit the mall, because no one would do anything about the damn drug dealer.
If corporations are people, aren't stockholders guilty of slavery?
After reading lots of clueless "murder", "rape" and "terrorist" ones it's refreshing to see someone hit the point.
:-)
There is no "clueless" moderation for "murder", "rape" or "terrorist", so please moderate "movie reviewers" and "pizza delivery" as insightful if you have any spare points left
Thank you.
Someone did in a way.
Show me on the doll where his noodly appendage touched you.
hmm. What's the relationship between the user 'Steve Linford, Spamh' (who's never made any comments before this story) and 'Steve Linford' (comments made back in 2001)?
Is for identification of relays only. This can be easily tested and confirmed by remote queries on the SMTP server. It's not very aggressive, but it definitely captures a lot of potential spam.
Sorry Paul has to start a public bitch session against SBL but he's mostly right. RBL's have a tendency to turn into evangelical power mongers who start attacking a lot of people who are more innocent than guilty and if proven wrong, simply blow them off.
The concept of RBL is probably still valid. But it's so poorly managed...
Our solution is to relay mail through another MTA (via VPN) for recipients that check Spews. But this illustrates yet another reason why the "blacklist the entire ISP" strategy is not good.
The solution to the IP abandoned by a spammer problem is simple: don't blacklist IP addresses. Instead, use SPF to validate the MAIL FROM, and base your blacklists on the MAIL FROM domain instead of the IP. Yes, spammers can also do SPF, and already have throwaway domains. But the namespace is *much* bigger, and their automated throwaway domains are not ones you would want anyway, (e.g. ajfkc.com).
Certainly. The answer, unfortunately of course, is "it depends". It depends on what your own tolerance of false-positives is, and what your current level and nature of spam is (where "you" also includes the users of your system - there's a world of difference between an ISP with tens of thousands of paying customers, a small organisation with a hundred employees, and a personal family/friends server).
My best advice is to carefully examine the policies of the RBLs, and revisit that examination on a regular basis. Look at whether the process by which IPs are added to a list is automatic, or human-moderated. Are they using spamtraps? Do they allow just anybody to submit addresses for listing? Is the listing process openly specified, or a black box? What is the procedure for de-listing an address? Google around for others' experiences using the list. This Declude page is a useful starting point (I have no relation to Declude).
Currently, I see the least collateral damage with the Spamhaus lists. My top recommendation would be the sbl-xbl.spamhaus.org list, a composite list consisting of known spammers plus a pretty good list of compromised/trojanned systems.
On one extreme, SPEWS is hardcore - I would never recommend them to anyone who isn't very well aware of the implications of what they are doing. On the other end of the scale, open relay lists like relays.ordb.org and the like are very benign, but less useful, since there hardly are any more open relays these days. I used to really like Spamcop's lists, but I lost faith in them a couple of years ago when I experienced some inexcusable cock-ups. More recently, Spamcop changed listing policy and started listing systems that were sending "mis-directed bounces", which I personally find misguided (long story, see this discussion for a start). Also be careful about "multi-stage" or "multi-hop" lists. These can often end up listing major ISP servers, simply because one of their clients relayed a spam that way, typically caused by a trojan-type infection.
I've also had trustworthy results with cbl.abuseat.org, and in a typical configuration I often also use relays.ordb.org (open relays) and list.dsbl.org.
My next sig will be ready soon, but subscribers can beat the rush
Considering how much my spam has been reduced by the SBL (anywhere from at least 50% up to 75%) I'd like to just say:
The mail servers under my control have always subscribed to the SBL-XBL (well, more accurately, before the XBL was established it was the SBL and cbl.abuseat.org. The latter is dedicated to short-term [72 hours, as I recall] blocking of e.g. spammers operating on DSL or cablemodem lines who are likely to appear on an IP address once or twice and then get kicked off. The CBL is now also represented in the XBL). I have so far, in the last 3-4 years or so, only been able to confirm 1 and 1/2 "false" positives in that entire time - one was from a person in China who was using a confirmed spam-haven ISP, the "1/2" from a company that, after an informative response from the CBL people, I believe were listed for appropriate reasons. In any case, the latter case cleared itself up when they were automatically re-removed from the CBL [they'd been there before] and the email lost WAS an advertisement anyway...)
I have noticed the numerous stories of overzealous blocklists, which are obviously a bad thing, but I can't think of a way to reasonably put the SBL in that category...
Besides, bayesian filtering only works AFTER the spammer has been allowed to tie up my mail server's bandwidth (and then allows them to tie up your mail server's CPU time with the bayesian analysis). I prefer to cut off known spammers before that point whenever possible. THEN I pass the remaining messages through SpamAssassin. Back in the early days of spam, I used to actually go to the effort of picking apart the mail headers and looking up the abuse addresses for the ISP whence the mail came AND the hoster of the spammers website (and on one or two occasions, even the registrar for the spammer's domain name, when I could confirm that the information was falsified). It's been a long time since I was able to keep up doing that with the volume of spam coming in, but I still can't stand the thought of allowing spammers to take ANYTHING from me that I can prevent...
Hacker Public Radio is our Friend
I'm free to filter my mail any way I want. That's good.
A bunch of spam fighters who want to pool their statistics to fight spam more efficiently are free to do that. That's good.
If they want to put their results online where everybody can see them, that's good.
If my ISP wants to improve my email experience by letting me use the spam fighters' online database, that's good. (They do. I like it.)
If an ISP thinks most of their customers wouldn't want to wrestle with the details of spam filtering, and would prefer to have the ISP make the filtering decisions, that might not be the service I want, but I'll defend their right to offer that service.
If SBC has rented my daughter a damaged IP address, one with a bad reputation for spamming, that's bad: I nearly missed a message from her that went into my Spam folder. I hope my daughter can switch to a service that tries harder to keep its IP inventory clean. Absent that threat, I don't see why SBC would make any effort to reduce spamming.
So, SBC is free to decide how vigorously to discourage spamming. My daughter is free to choose her ISP. I am free to use the information that spam-fighting groups share freely. Life could be far worse.
But my daughter, having innocently rented this damaged IP address, must be having trouble sending email to people who filter their email with blocklists. That's bad. But aside from the spammers, I don't see whose freedom we should abridge to alleviate the problem.
Another good article on the subject is: "The Spam Problem: Moving Beyond RBLs" by Philip Jacob
does that sound reasonable?
No, that is not a reasonable analogy. They are separate addresses. One is Suite 100, another is Suite 200. They have separate walls. There are separate locks on the doors. There are no shared facilities, other than a parking lot. Yours would work well if they blocked IP/24 upon an infringement. But they blocked only IP/32. That means that they were specific enough to hit only the Suite 100. Suite 200 was not affected. However, the two vendors sharing Suite 100 were both affected, even though only one was a criminal.
Learn to love Alaska
If you maintain your own black/white/grey lists, then you control what goes in which list. You can fix the lists if they break, as soon as you know about the breakage.
If you share your lists with friends, then you are losing some of the control. But you gain a wider range of coverage, as well. It may or may not be good, but the key point is that you have reason to trust (or not to trust) any particular friend's blacklist, and you are still making the decision.
Particularly, if the sharing mechanism uses some sort of rating system and allows you to tune the shared lists for yourself, you maintain control.
But when you share the lists of people you don't know, you no longer have a valid basis of trust. The only basis of trust that remains is the basis of advertisement. You are essentially giving your freedom into the hands of the group with the best ads.
Centrally administered blacklists are by nature in the latter category.
Therefore, centrally administered blacklists are not a good idea.
I've been a SPAMCOP member for years and other than the odd time I've fouled something up, it's worked flawlessly. I'm subscribed to all the BH lists + spamassassin and it cuts my SPAM from 2000 + a week to less than 3 a day. Lists work. If you don't like them, get your ISP to fix their services. Spammers only exist because of loopholes and slacker admin policies.
It's harsh that sometimes people get caught up in the crossfire, but there's a reason - usually a good one - why it happens. The author of the article knew what he was getting into, he should have built his house out of bricks - not straw. I trust the sysadmins that make the lists *more* than I trust users to take a hand in fixing their bot ridden boxes and stopping the problem.
Sigs? We don't need no steekin Sigs!
paulgraham.com is 66.163.161.45. When I check IP on either side, they are not listed. Only that one IP address is listed. Paul Graham is not a victim of collateral damage of a wide-ranging netblock, his single IP has been blocked because it was the previous address of textileshop.com. It's in the SBL evidence file SBL27945.
host paulgraham.com
paulgraham.com has address 66.163.161.45
host 66.163.161.45
45.161.163.66.in-addr.arpa domain name pointer html3.store.vip.sc5.yahoo.com
44.161.163.66.sbl-xbl.spamhaus.org not found: 3(NXDOMAIN)
45.161.163.66.sbl-xbl.spamhaus.org has address 127.0.0.2
46.161.163.66.sbl-xbl.spamhaus.org not found: 3(NXDOMAIN)
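The neighbour check in the comment above, as an added example that is not part of the original post: it builds the reversed-octet query name, classifies each answer, and reports whether a listing covers one address or its neighbours too. The function names and the stub resolver are hypothetical; the stub's single answer is copied from the terminal output above so the check runs offline.

```python
import ipaddress
import socket

ZONE = "sbl-xbl.spamhaus.org"  # zone queried in the comment's terminal output
LISTED_NET = ipaddress.IPv4Network("127.0.0.0/8")  # DNSBL "listed" answers live here


def dnsbl_qname(ip, zone=ZONE):
    """66.163.161.45 -> 45.161.163.66.<zone>: octets reversed, zone appended."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def system_resolver(qname):
    """Live A-record lookup; returns the address, or None when no record exists."""
    try:
        return socket.gethostbyname(qname)
    except socket.gaierror as exc:
        no_record = {socket.EAI_NONAME, getattr(socket, "EAI_NODATA", None)}
        if exc.errno in no_record:
            return None
        raise  # a timeout or server failure must not be read as "not listed"


def check(ip, resolve=system_resolver, zone=ZONE):
    """Classify one address as 'listed', 'not listed' or 'unexpected answer'."""
    answer = resolve(dnsbl_qname(ip, zone))
    if answer is None:
        return "not listed"
    if ipaddress.IPv4Address(answer) in LISTED_NET:
        return "listed"
    # Anything outside 127.0.0.0/8 is not a DNSBL reply (for example a
    # resolver that rewrites NXDOMAIN), so it is not treated as a listing.
    return "unexpected answer"


def listing_scope(ip, resolve=system_resolver, radius=1, zone=ZONE):
    """Check ip and its neighbours; return (verdict, per-address results)."""
    target = str(ipaddress.IPv4Address(ip))
    centre = int(ipaddress.IPv4Address(ip))
    low = max(centre - radius, 0)
    high = min(centre + radius, 2**32 - 1)
    results = {}
    for number in range(low, high + 1):
        addr = str(ipaddress.IPv4Address(number))
        results[addr] = check(addr, resolve, zone)
    if results[target] != "listed":
        verdict = "target not listed"
    elif any(s == "listed" for a, s in results.items() if a != target):
        verdict = "neighbours also listed"
    else:
        verdict = "single address"
    return verdict, results


# Stub resolver: the one positive answer shown in the comment's output;
# every other name behaves like NXDOMAIN.
PAGE_ANSWERS = {"45.161.163.66.sbl-xbl.spamhaus.org": "127.0.0.2"}


def page_resolver(qname):
    return PAGE_ANSWERS.get(qname)


if __name__ == "__main__":
    verdict, results = listing_scope("66.163.161.45", resolve=page_resolver)
    for addr, status in results.items():
        print(f"{addr:15} {status}")
    print("scope:", verdict)
```

Pass `resolve=system_resolver` to query a live zone instead of the stub.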
But how do you know who drove your car before you did? You don't.
This is, strictly speaking, terrorism: harming innocent people as a way to pressure some central authority into doing what you want.
Though calling everything "terrorism" is all the rage these days, it's not actually terrorism, rather it is extortion, blackmail, or something else along those lines. MAPS' actions as described by Paul may have been completely reprehensible, but it's a far cry from striking fear into the populace's hearts by murdering some random selection(s) of them. Man, if techies can't limit the rhetoric, who can?
Flying is easy, just throw yourself at the ground and miss. -Douglas Adams
Some postmasters are piss poor, period. But I'm not one of those, so forget the hypothetical finger pointing and deal with the actuality : RBLs work, and work well, even though they're not maintenance-free, and they're not a panacea.
Have you ever found anyone that got hit in the expanding scope issue that still relies on RBL's?
So little of your post makes any rational sense, but this bit is particularly perplexing. What on earth are you on about?
Maybe I'm just missing your point. How exactly do the Safe Harbor provisions have any bearing?
My next sig will be ready soon, but subscribers can beat the rush
This is why you get people who know what they're doing to write contracts. You mean your SLA and underlying contract with your ISP doesn't mention availability and the like?
That works fine for him to keep the mail coming in. The problem is when you combine the annoying "dynamic ip range" lists with an idiotic admin that thinks using one to blindly deny is a good idea. I mentioned in another post, but Juno and Netzero do this. Neither will pay attention to you when you complain. Of course they also RBL deny their postmaster account, which is a no-no.
I thought my analogy was "they're both guilt by unknowing association, no matter what the end result is". Should I spell it out some more? I'll do so now.
In our current situation, we have a guy renting a car at Enterprise. He deals crack.
Later another man goes to Enterprise and rents a car. He knows nothing of the crack dealer out and about in the streets selling his wares. All he knows is that Enterprise has cars to rent and he needs to rent a car. So he rents the car.
The crack dealer gets caught by the police. Since he was driving a car he rented from Enterprise, according to this particular blacklist's logic, every person who rents a car at Enterprise is now guilty. The police then go out and arrest everyone who rented a car at Enterprise, because they are also guilty.
What's the core situation I'm describing, regardless of the details? "If someone does something wrong while using ServiceX, everyone at ServiceX gets punished. Even if no one using ServiceX knows any of the other clients there, regardless of whether they were also breaking RuleY, they get punished as well, just because someone they never met fucked up."
That's how this "analogy" I've posited ties in with this situation. If I had spent more time developing an analogy, that would be fine. But I guess I expected the readers here to use at least a smidgen of their supposed IQs and figure this out on their own. It may not be pretty, but it does work.
That, like my previous analogy, is a bit misrepresentative of the situation.
Would I be offended if I went to an establishment that specializes in rentals. I rented a carpet cleaner there because I have a cat that sheds excessively. I'm a repeat customer because the rates are good and the service is excellent.
Someone else, whom I've never met, also rents carpet cleaners there. Except they use them to do all sorts of nefarious and unsavory things (imagine what you will). It becomes known where this person rents this carpet cleaner - the town is outraged at his actions - so they blacklist everyone who continues to rent at that store.
Here's where we come to a possible branch in the road.
Possibility A: Suddenly people stop talking to you because you rent there. Are you angry? Absolutely. Mostly because people are jackasses. But you still stop using that rental establishment because they do nothing to alleviate the problem.
Possibility B: The rental establishment finds out - at the same time as everyone else - that their equipment is being misused and does not allow this person to rent from them again. Everyone who shops at this rental establishment is blacklisted anyway - not because the establishment has done anything unsavory on their part, but because the person making the blacklist is completely inept and power hungry. You, as a customer, are still being fucked over - not because of the rental establishment, but because of the person compiling the blacklist. What do you do? Do you leave your rental establishment, even though they're doing nothing wrong? Or do you beat the shit out of the person making the blacklist for being a cockbiting fucktard?
And that's the problem here. When blacklists are updated in an objective and timely manner, they're great. But, as seems to happen over time, the likelihood of that happening seems to deteriorate. Entirely too many respectable and honest colos and hosting providers are being fucked by blacklist maintainers who have lost their way.
Spamblocks are not the problem, they are an attempted solution that is not perfect. The real problem is spam itself. Spam has made email from a reliable medium into a marketing tool, used to force advertising on us at our own expense.
No one can understand the truth until he drinks of coffee's frothy goodness.
--Sheikh Abd-Al-Kadir, 1587
I once worked for a company whose mail started bouncing (including stuff like order confirmation emails) due to having a well-known spammer in the same /24 block! We complained to the blacklist (I forget which one(s)) and were told basically that we had to lean on our ISP to can the spammer. Since the spammer was paying them like $5k a month or something, and we were paying like $700, it was a no-brainer for them. There was nothing we could do. These guys are like the gestapo in that sense. On the one hand, yes it's all voluntary, but on the other hand they could at least pretend to care about the collateral damage they cause.
rooooar
Email was never designed to be a reliable system to begin with, and thinking that it was is a fairly foolish thing to do. It's a best effort system. Simple as that.
Funnily enough, no RBL has ever stopped me from getting email from places where I've made purchases or what have you.
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
Whether Yahoo! happens to have a spammer today or not is largely irrelevant, no ISP has a fool-proof anti-spammer policy, and spammers are going to come and go no matter how much work ISPs can do to fix this.
There are several guilty parties here. If I had to put everything by order of "This guy caused this email to be blocked", I'd say the order was:
- Destination postmaster (and their employer)
- Blacklist operator
- Spammer
- Yahoo
These parties can reasonably be said to have had some role in blocking the message. The person who administers email for the person who wants to receive it but can't is the person clearly most responsible. The blacklist operators are too, for putting this "ingredient" (Yahoo is a spammer) in the drug they're trying to push, and for pushing it. The spammer is clearly at fault for being part of a group that caused a problem in the first place. And Yahoo might be at fault if they knowingly allowed the spammer to operate.
But let's be reasonable. Complaints should start with the people who can fix the problem, not at dubiously related parties for not being a loud enough member of an ideological crusade.
You are not alone. This is not normal. None of this is normal.
so they blacklist everyone who continues to rent at that store.
But that's not what happened. There wasn't indiscriminate blacklisting of everyone that used the store. There were "good" machines available, for a higher cost. There are the "shared" machines which are seedier. The person specifically picked the cheaper one with the higher risks.
I think I finally came up with an analogy that makes my point better.
An honest businessman is in town for a 6 hour layover. With lunch and travel time, he has time for a 2 hour nap. He passes by two hotels. One is a Holiday Inn. The rates are $200 per night. He also sees "Joe's Hotel" next door. Their rates are $50 per hour. He picks the hourly rate because it is cheaper. He may or may not be aware that hourly rate hotels are not as reputable. 24 hours later, a dead prostitute is found in that room. The room is dusted, and with the poor housecleaning, all people there for the last week or so, including the poor innocent businessman, are rounded up by the police and held for hours in interrogation. His reputation is soiled by being picked up in a murder investigation.
So, I'd think that he was partially responsible. Dedicated hosting/hotel room was available, and he chose the solution that resulted in cheaper prices and greater risk. I also think that the actions of the police/list makers were quite reasonable. There was proof that a "crime" was committed there. Anyone there around the time of the crime is suspect. The person in the next room is not inconvenienced. Not everyone at the hotel is inconvenienced. Just the people that were in that one specific room.
Oh, as an aside I'm currently on a RBL. Why? Because I pay $5 per month for some crappy hosting. It is for a non-profit with few hits. So, I'm on a server with a bunch of other people. One of them got on the list (for what, I have no idea). So, I'm on the list with them. Do I care? No, not really. That's what I'd expect when getting a dirt-cheap shared service. When you aren't willing to pay for the service you expect, it is your own damn fault when you don't get it. He was an idiot that wants all the benefits of dedicated hosting for the price of shared hosting. Obviously, I have no sympathy for him...
Learn to love Alaska
Sadly, that isn't what they do. My colo was slammed by Spamhaus a year ago because someone else there was spamming. The spammer was eventually booted - before the entire colo was blacklisted - but the person (whoever that was) that was managing this particular blacklist situation decided the colo wasn't helpful enough - and without any spam known to be currently flowing out their pipes - added them anyway.
There went the business of many webhosts who rented dedicated servers there, as their clients could no longer count on their emails being received. If it were just one IP, that was fine, but they blocked the IP of every computer this colo owned (at that datacenter, at least). Hundreds of dedicated boxes were down, and that's just boxes - not the drastically large number of people who were screwed over.
After a few months, things worked out. Spamhaus fixed the problem eventually, after daily emails back and forth between the colo and Spamhaus' contact.
I should note that this is the information the colo filtered out to their clients. With that said, my dedicated box, with 5 IPs assigned to it, was blocked because someone else's box, with a completely different IP, was spamming and the tech at the colo didn't bow to Spamhaus's demands. Blanket blocking is ridiculous - it's one thing to block an IP, it's another thing to block the entire range of IPs.
First, thanks very much Steve for your tireless service to the community. We've been using your SBL for a long time and it has helped tremendously.
It really bothers me that people compare filtering to RBLs. They are really two completely different animals. RBLs *stop spammers from communicating with you* thereby keeping them from stealing bandwidth and system resources (which is the nucleus of the formula which has the capacity to make their unethical and illegal efforts economical and practical). Content-based filtering does not. It requires even more resources by the victim network and doesn't address the critical issue that is spammers' consuming a disproportionate amount of resources for the cost.
For people who choose to employ content-based filtering, good for you, but know that your efforts are not at all contributing towards the reduction of spam -- quite the opposite. RBLs however, do. They cause spammers to spend more money and time to do their spamming by moving about in IP space trying to find rogue ISPs, infecting clients and other methods to get around RBLs. The only way you stop spam is by negating the economic formula that makes spamming practical, and the only solution that does this right now are RBLs.
If Graham wants to plug filtering, that's his prerogative, but he shouldn't call himself any sort of champion in the war against spam. He's just a champion of sorting his mailbox folders.
Just to get the full disclosure thing out up front: I have known Steve Linford of Spamhaus professionally for almost a decade and was an employee of MAPS (Senior Consultant in their Consulting Services Group and later Director of Customer Operations) before their 2001 collapse. I've also been working with real-world mail systems and spam control since the early 90's. Whether those facts make me informed or biased or both is a judgment call...
Graham's description of what happened at MAPS is not just inaccurate, it is dead wrong and appears to have been invented to draw a sort of inherent lifecycle picture of blacklists. It makes a cute story, but it is a pure fantasy. Yes, MAPS had a period where their listings and escalations were not as careful as they should have been. That would have been 1999 or so. By mid-2000 MAPS was careful enough with listings that some of the more fanatical folks calling themselves 'anti-spammers' (see news.admin.net-abuse.email) were calling MAPS 'soft' and even accusing Paul Vixie of being in collusion with some of the entities MAPS refrained from listing. MAPS collapsed *financially* starting in early 2001 not because its users went away but because it was a non-profit organization with a very bubble-sensitive funding base. MAPS' lists were free of charge and open to all users at that time, so losing users would not have been a contributor to the *financial* problems that pushed them into irrelevancy. On top of that, multiple *spammers* (not innocent victims) sued MAPS over listings and pursued those cases in ways that imposed huge legal costs on MAPS for suits that never really moved forward towards trial. In 2001 MAPS effectively committed suicide, settling all the cases by de-listing the plaintiffs, shedding most of its employees, and making the use of its lists available only to paying customers. There are still a lot of users of the MAPS lists and I understand those lists still manage to help stop spam for those customers, but it is off of Paul Graham's radar and a lot of the public spam discussion radar because it stopped offering any free services almost 4 years ago and it stopped doing anything that the larger and better funded spammers cared enough about to keep suing.
As for what Spamhaus is doing now that is having an impact on his mail, Graham is overstating the situation. The SBL listing details why the single IP address that Yahoo has assigned to his site was listed. It was being used for a 'store' for a longtime spammer. Yahoo uses a complex load-balancing system for hosting, so I can't say for sure when or how or why that address became the one that www.paulgraham.com resolves to, but now it does. The spammer's store now resolves to an address in the same /29 block, but when or why it moved there is not obvious and the DNS TTL's and zone serial number indicate that it could be back on the listed address within an hour or so. The short version: Spamhaus listed a single address that was being used for a spammer's web store, the spammer's web store was moved to a different address, and Paul Graham's site was left in its place. That move may not have been in any way calculated by Yahoo, it may have been pure accident. This is not a case of Spamhaus listing all of Yahoo: that's not something they do. They listed a single IP address that was in use by a spammer, and is now in use by Paul Graham. The spammer's facilities remain at Yahoo on a different IP address.
You can make your own judgment on what that says about Yahoo.
Graham's description of the impact is worse. He claims that 'any filter relying on the SBL is now marking email with the url "paulgraham.com" as spam' and that is plainly false. Most mail servers that use the SBL use it as a classic DNSBL: mail coming from any IP address that is listed gets refused. Some mail server operators have chosen to take this a step further, and use tools like Spam Assassin 3.0 that look into the message data for URL's and resolve them to a server IP that is checked against th
A formal analogy is in the format a:b::y:z so you might want to try fitting your "analogy" into that format. That will show where you're wrong.
Okay, so
A = Enterprise?
A = Renting car?
A = Renting car at Enterprise?
A = Dealing crack?
Which is it? Remember, the analogy is about the relationship.
And now you're introducing the police.
A = police?
A = caught by police?
Or are you onto item B now?
Oh, look, now you've introduced ANOTHER item, the blacklist.
I guess in YOUR world, an analogy is
A:B:C:D:E:F::Y:Z
Maybe you shouldn't use the term "analogy" at all, okay?
Again, you might want to review what an "analogy" is before you start claiming that you're stating one.
Here's a BETTER analogy for you:
(non-spammer on email blacklist)
is to
(message rejected)
as
(black man)
is to
(not picked up by taxi driver)
See the relationship? See how there are only two items in each relationship? See how the relationships are compared?
You might want to look at how many items you just mentioned and then look at my REAL analogy and see where you failed.
Only if you don't know what an "analogy" is, which, clearly, you don't.
Again, analogies are very simple and very easy.
But there are lots of people who don't have the education to understand what an analogy is. You seem to be one of them.
Here's a link to help you (in addition to the one I've already supplied):
http://www.datanation.com/fallacies/falsean.htm
However, the core issue of spam blacklists deliberately targeting innocents
No blacklist out there deliberately targets innocents. Not one. They target "spam-friendly" ISPs and users of those ISPs because those users are paying money to those ISPs. These users are not "innocent". They are financially supporting an ISP that allows spammers to operate. They may not know this, but after they get blocked they usually find out pretty quickly.
It is perfectly acceptable to go after these users as targets, because they are contributing to the problem whether they are aware of it or not.
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
I don't call it FUD if he is actually experiencing the problem. Paul has near zero control over the allocation of the IP space he uses. Yahoo can remove the spammer after complaints, but the important issue is:
ONLY AFTER THE DAMAGE IS DONE.
The nondelivered mail remains non-delivered. It will remain undelivered until someone up the foodchain gives in to your demands. Interestingly, most blackmailers give their demands first and then execute consequences once those demands aren't met. Here we find the notification of demands is by rendering consequences *first* on a collection of randomly chosen innocent victims. Maybe they will figure out *why* e-mail isn't delivered, but we aren't going to actually give them any hints that could help them...
"If those innocent would just complain and have the spammer removed" is what I usually hear... but that takes time, and during that time the consequences remain enforced. I noticed here it is a new day and the block remains.
Sorry, it isn't FUD when you can point to the objective fact: Paul Graham is suffering from blocked e-mails because of an accidental relationship with an IP address. Sounds like he has that "power corrupts" thing down just right to me based on what is said in your comment: "Graham has no concern for the fact that he is sharing his IP with a spammer". WTF? He seems awful concerned to me. What you really seem to mean is "Graham is GUILTY of the fact that he is sharing his IP with a spammer. If he won't bow to our will, well, we don't force anyone to use our block lists (just a lot of people do)."
Sig under construction since 1998.
You don't understand. Yahoo Store (yahoo-inc.com) was given plenty of warnings about the spammer hosted on the IP (one IP, not "all of Yahoo" as Graham tries to imply), Yahoo-inc.com has ignored all complaints about the spammer, they were repeatedly told the IP would be placed on the SBL if the spammer was allowed to continue spamming hosted on the IP.
Paul Graham is not "suffering" as he pretends, Graham WORKS for Yahoo-inc.com - in other words he works for the very same firm ignoring the complaints for the spammer. He can actually remove the spammer himself, but it's more valuable to him to have the spammer on his IP.
Check the Whois record for the domain:
Domain Name: PAULGRAHAM.COM
Administrative Contact:
Graham, Paul (PG174) pg@YAHOO-INC.COM
Yahoo!
3420 CENTRAL EXPY
SANTA CLARA, CA 95051-0703
The deception is greater than you imagine.
Skye16 represents his extraordinarily poor analogy as:
This is the only element I'm particularly pointing out, because it's one of the bits khasim missed (in his otherwise very precise analysis of your bad analogy).
The thing to remember about blacklists like Spamhaus and SPEWS that list IP ranges is that the block is not aimed at the spammer so much as it is aimed at the ISP hosting the spammer. So the point is that it's the ISP being "punished", not the users of the ISP.
So in your analogy, the users of ServiceX wouldn't be touched, just ServiceX itself. The only downside for the users of ServiceX is that they can't use ServiceX anymore - at least for whatever translates as email service in your (bad) analogy.
While we're talking about analogies, the one I've seen most often used by supporters of wide-ranging email blacklists (including myself) is the pizza-delivery analogy. If you live in a known-bad neighbourhood, you may find that your local pizza-delivery chain won't take orders to deliver there ("won't take orders" == "won't accept email"). They might do that because they've had too many orders from that neighbourhood for which their delivery people aren't paid ("unpaid orders" == "email accepted which turned out to be spam"). So they decide it's just not worth accepting orders from your neighbourhood anymore.
The only point where that analogy falls down is that it's actually much easier for a user of an ISP to change than it is for someone to change house out of a bad neighbourhood :). And of course it's much easier for someone to send their email through an external known-good relay than it is for someone in a bad neighbourhood to relay all their pizza orders through a known-good friend in another neighbourhood.
It's inappropriate for a few reasons, but the one key reason that I noticed is as follows. Legally speaking, when someone rents a property (whether for living in or for running a store) they are in most key respects supposed to be treated as though it's their property. For example, the real owner is not allowed to intrude upon the property except very occasionally, and only for a brief inspection.
But anyway, the difference with ISPs and their users is that their users are not necessarily recognised as having any sort of legal claim on any of the IP addresses of that ISP. So while the cops (normally) can't shut down independently-leased properties just because someone at a neighbouring property committed a crime, there's nothing wrong with a spam-free ISP refusing to accept email from the network space of a spam-supporting ISP.
I'm not even going to discuss the difference between an active action, eg. shutting down stores, and a passive action, eg. an ISP refusing to accept email (or other kinds of network traffic) from another. :)
Name one SMTP blacklist - just one - that tries to track non-spamming users of a spam-supporting ISP, and tries to maintain blacklists against those users when they move outside the blacklisted ISP.
Having trouble? Of course you are. Because there are no blacklists that do that. None. Zip, zilch, zero.
Next analogy please. If you keep trying, maybe eventually you'll hit on one that doesn't suck quite so badly :-).
BTW - a good analogy is simple, with the absolute minimum distinct components. A bad analogy is (usually) more complicated... because someone using a bad analogy wants to obscure the fact that it's bad, so they make it as complicated and confusing as possible.
Hint. Hint hint. :)
It's much clearer and simpler and straightforward and more honest if you put it this way:
"My ISP took a spammer on as a client. The spammer spammed. The ISP received at least one and probably many complaints. They did not terminate the spammer's account. The IP address used by their spamming client got blacklisted. The ISP still did nothing. A wider swathe of IP addresses belonging to that ISP got blacklisted. The ISP's legit customers started complaining. The ISP finally got rid of their spammer and started trying to get themselves off the Spamhaus blacklist. And so I'm complaining about Spamhaus, because they're obviously the bad guys here."
*roll of eyes, grin*
That said, I am nevertheless rather intrigued by your assertion that you, a non-spammer, were trapped under Spamhaus' blacklist of your ISP for several months after your ISP was completely free of spammer scum.
That sounds rather unlikely, from what I understand of Spamhaus' policies. Can you give any specifics (eg. ISP name, specific date ranges that your IP addresses were blocked, the range of your ISP's IP addresses that were blocked, a Spamhaus record about the incident)?... Because if I can verify that you're actually telling the truth, my respect for Spamhaus will drop several notches.
"In the business of pushing Bayesian anti-spam filtering"?
Pardon me?
From what product that uses Bayesian filtering is Paul Graham making money?
What service is Paul Graham providing that benefits from the use of Bayesian filtering?
To be "in the business of" something, a person must be "in business" making money from that thing. Where is your evidence that Paul Graham has some financial stake in the success of Bayesian filtering?
As for myself, I've seen none. And I'm calling shenanigans on your attempt to make people believe otherwise.
Jeremy
Looking for a Python IRC bot?
What bothers me is the legacy support for segmented addressing and all the other legacy kruft. If I were Apple CEO, I would make sure that ARM is supported just like he made sure that x86 was supported five years ago.