Slashdot Mirror

← Back to Stories (view on slashdot.org)

Paul Graham Describes Dangers of Spam Blacklists

Posted by CmdrTaco on from the what-we're-stuck-with dept.

CRoby writes "Paul Graham posted an essay describing the danger and corruption of the main spammer blacklists today. It discusses MAPS and the SBL, the blacklist created to try to alleviate the abuses of MAPS, and suggests (maybe) another blacklist's creation."

5 of 611 comments (clear)

  1. Not like people get all radical about it... by dmorin · · Score: 4, Interesting
    Actual quote I have heard on the subject of spam blacklists: "I don't care that you're not a spammer. Your ISP allows spammers in their midst and therefore you all go on the list. Get a new ISP."

    Oh, ok. Nothing like over reacting a bit.

    --
    www.HearMySoulSpeak.com
    1. Re:Not like people get all radical about it... by Uruk · · Score: 4, Interesting

      No, the principle is that if ISPs know that this kind of overreaction will occur, they will make quite sure that they don't have spammers in their midst. In essence, it's an attempt to incentivize ISPs to police themselves.

      What's the alternative? Having some centralized, international spam cop whose job it is to clean up every ISP on the planet? If ISPs get a completely free pass on spam and don't have to care whether their subscribers are abusing other people or not, where is their incentive to prevent the abuse? The way you avoid the tragedy of the commons is by getting people to see their individual stake in the issue.

      Certainly the quote that you're pointing out isn't the most diplomatic or effective way of putting it, and I doubt this kind of thinking is behind that quote - it probably is the knee-jerk reaction that you're identifying it for. Still, the idea might have some merit.

      --
      -- Truth goes out the door when rumor comes innuendo. -- Groucho Marx
  2. Pay and you get removed by tmk · · Score: 4, Interesting

    I have found an interesting offer: pay 50 bucks and you are removed immediately from the spam list. Have a look here.

    Interesting: The company won't say who they are. They say this was approved by local authorities, but this is bullshit. Local authorities can not brake federal law in Germany.

  3. Guideline, not a rule by bitflip · · Score: 5, Interesting

    I use blacklists all the time. Rather than simply rejecting the mail, if the server is on a blacklist, the initial OK is delayed by five seconds.

    If you're sending a ton of mail, i.e., spam, little of it gets through. If you're only sending one or two messages, ie, likely legit mail, it goes through just fine.

    Combined with more specific stuff further back (bayes, et. al), it's been quite effective at reducing the amount of spam sent, and the amount of mail that gets scanned.

    The problem isn't blacklists, its how people use them.

  4. "Power-hungry weenies" by slavemowgli · · Score: 5, Interesting

    Interestingly enough, the owner of the acme.com domain who was recently featured in a story due to his getting more than a million spam mails (well, attempts to send spam) a day, agrees:

    DNS-RBLs - Domain Name System Realtime Black Lists. In theory the idea is fine. You have a set of sites that you blacklist, and you want to let other folks use the same list so you distribute it using DNS, which is a nice efficient de-centralized database. What's not to like?

    Well, I don't know why, but in practice every single DNS-RBL eventually comes under the control of power-hungry weenies. They start listing sites unreliably, and if you complain you find yourself listed. And there's usually no way to get off the list.

    A lot of people tell me I'm wrong about this. They say that certain DNS-RBLs are ok, with objective criteria for inclusion and simple procedures for getting off the list. The thing is, they give conflicting recommendations for which lists are good and which are bad. Some of these folks recommend lists which I know from personal experience are bad.

    This problem is really inherent in the way DNS-RBLs are set up. You cede control of your mail system to a third party, with no real possibility of checking how they are doing. The people running the lists get overwhelmed with bogus feedback from spammers and/or idiots, to the point where they assume all their mail about the lists is from spammers and/or idiots.

    If the lists you use have not yet descended into corruption and chaos, consider yourself temporarily lucky.

    Do not use DNS-RBLs.

    (from http://www.acme.com/mail_filtering/shame_frameset. html)

    --
    quidquid latine dictum sit altum videtur.