Slashdot Mirror


Paul Graham Describes Dangers of Spam Blacklists

CRoby writes "Paul Graham posted an essay describing the danger and corruption of the main spammer blacklists today. It discusses MAPS and the SBL, the blacklist created to try to alleviate the abuses of MAPS, and suggests (maybe) another blacklist's creation."

6 of 611 comments

  1. Definitely a bad idea... by nev4 · · Score: 3, Informative

    We've been blacklisted before and the sysadmins who run these things often WILL NOT remove you, no matter what. I'd take all the SPAM any day vs. not being able to send legitimate emails.

    1. Re:Definitely a bad idea... by Anonymous Coward · · Score: 3, Informative

      You really don't get it.

      The point isn't *me* using MAPS/SBL. The point is that others use it, thinking it makes a difference. Your netblock (that is, your ISP's netblock, or your ISP's ISP's netblock, etc.) gets included in that list and *bang* you're a casualty of war.

      Get it yet?

  2. A few comments by alanw · · Score: 4, Informative

    From Paul Graham's original article http://paulgraham.com/spamhausblacklist.html

    any filter relying on the SBL is now marking email with the url "paulgraham.com" as spam

    The primary use of the SBL is to allow sysadmins to refuse e-mail coming from listed IP addresses. The mail should be rejected during the SMTP header conversation, and the senders of genuine (non-spam and non-virus) e-mails will receive a non-delivery report from their outgoing MTA.

    I assume that what Paul Graham is complaining about must be SpamAssassin, or some other content filter, applying a score to articles containing URLs, which when looked up in DNS resolve to listed IP addresses. This is much less acceptable, since the sender has no way to know that their e-mail may have been classified as spam.

    The details of the listing can be found at http://www.spamhaus.org/sbl/sbl.lasso?query=SBL27945. This is a /32 - i.e. a single IP address. I don't know why Paul Graham's web site (which has that IP address) has been associated with textileshop.com, which has a completely different IP address.

    The other Yahoo listing on the SBL is also a /32.

    I also note in another of Paul Graham's articles http://paulgraham.com/sblbad.html he claims

    The most notorious example is the MAPS RBL

    As any fule kno, the most notorious spam blacklist is SPEWS.

    1. Re:A few comments by mercuryresearch · · Score: 3, Informative

      Seeing as how this exact situation happened to me this week, I can provide some light on the /32 IP address issue.

      In my case, I moved a server to a new colo facility. Most facilities have an IP block, and you get assigned an IP from it. Six months or a year ago that IP might have belonged to someone else. For me, it turned out in February a spammer installed a server at the colo, spammed from that server for a single day before the colo ISP turned them off. That IP got listed in Spamhaus; in the beginning of June I was assigned that IP.

      So, I ended up with a Spamhaus listing for my mail server's IP address -- and _I_ can't get it removed. Spamhaus expects the colo operator to contact them (which they did on my request) but even there, if the blacklist operator doesn't like the ISP/colo people, they can ignore the request.

      Fortunately Spamhaus listened and I got the record for my IP removed. But this showed me it was trivial for a non-spammer to inherit a blacklisted IP. I've added doing DNSBL checks on colo-assigned IP addresses for future moves to prevent any future issues.
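
The pre-move DNSBL check described in the comment above, as an added example that is not part of the original thread: it builds the reversed-address query name and classifies the answer for an address you are about to be assigned. The zone `dnsbl.example`, the sample addresses and the `fake_resolver` data are constructed; treating `127.255.255.x` answers as errors is an assumption to confirm against each list's documentation.

```python
import ipaddress
import socket

DEFAULT_ZONES = ("sbl.spamhaus.org",)  # the SBL discussed in this thread


def dnsbl_query_name(ip, zone):
    """Reversed address labels + zone: octets for IPv4, nibbles for IPv6."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]
    else:
        labels = list(addr.exploded.replace(":", ""))[::-1]
    return ".".join(labels) + "." + zone


def system_resolver(name):
    """A records for name, or [] if none. A resolver outage also returns []
    here, so rerun a 'clean' result before trusting it."""
    try:
        return sorted(set(socket.gethostbyname_ex(name)[2]))
    except OSError:
        return []


def check_ip(ip, zones=DEFAULT_ZONES, resolver=system_resolver):
    """Return {zone: 'clean' | 'error' | [return codes]} for one address."""
    results = {}
    for zone in zones:
        answers = resolver(dnsbl_query_name(ip, zone))
        codes = [a for a in answers if a.startswith("127.")]
        if not answers:
            results[zone] = "clean"
        elif len(codes) != len(answers) or any(
                c.startswith("127.255.255.") for c in codes):
            # Non-127/8 answer (NXDOMAIN rewriting) or assumed error range.
            results[zone] = "error"
        else:
            results[zone] = codes
    return results


# Constructed sample data: a fake zone that lists one documentation address.
FAKE_ZONE = {"45.113.0.203.dnsbl.example": ["127.0.0.2"]}


def fake_resolver(name):
    return FAKE_ZONE.get(name, [])


if __name__ == "__main__":
    for ip in ("203.0.113.45", "203.0.113.46"):
        print(ip, check_ip(ip, ("dnsbl.example",), fake_resolver))
```
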

  3. Paul is just pissed because... by SSpade · · Score: 3, Informative

    ...his website is hosted on the same IP address as a spammer (textileshop.com) was on yesterday, and because of that he's seeing some of his mail blocked.

    There's certainly a need for thoughtful and hopefully positive criticism of blacklist behaviour. This article is not it.

    1. Re:Paul is just pissed because... by SSpade · · Score: 3, Informative

      Actually the IP address that's listed is store.yahoo.com.

      Yahoo hosting is riddled with spammers, and store.yahoo.com is where most of them live, and where they accept credit cards for their purchases.

      The SBL lists IP addresses that are involved in spam. 66.163.161.45 is involved in a lot of spam. It's not been removed from the SBL because, well, it's still actively being used by spammers.

      Because countless spammers register domains on a daily basis, yet point them at the same IP addresses, some people choose to resolve the URLs in incoming email and bounce the mail if any of them resolve to particularly filthy IP addresses.

      66.163.161.45 is filthy. Blocking mail that has URLs pointing there will stop a fair amount of spam. Not an approach I'd use myself, but certainly a lot more effective (in terms of spam caught and false positives) than many, many other approaches in widespread use.

      Paul chose to host his website there, despite supposedly knowing a lot about the spam issue. That was probably not a good call.