Slashdot Mirror

← Back to Stories (view on slashdot.org)

Paul Graham Describes Dangers of Spam Blacklists

Posted by CmdrTaco on from the what-we're-stuck-with dept.

CRoby writes "Paul Graham posted an essay describing the danger and corruption of the main spammer blacklists today. It discusses MAPS and the SBL, the blacklist created to try to alleviate the abuses of MAPS, and suggests (maybe) another blacklist's creation."

41 of 611 comments (clear)

  1. $article_title by $blowhard by Neil+Blender · · Score: 4, Funny

    $idea will not help cut down on spam. In fact, it is detrimental. This has been know for $num_years years, but I feel I must prove that I am really smart by writing an article about it.

  2. Definitely a bad idea... by nev4 · · Score: 3, Informative

    We've been blacklisted before and the sysadmins who run these things often WILL NOT remove you, no matter what. I'd take all the SPAM anyday vs. not being able to send legitimate emails.

    1. Re:Definitely a bad idea... by Anonymous Coward · · Score: 3, Informative

      You really don't get it.

      The point isn't *me* using MAPS/SBL. The point is that others use it, thinking it makes a difference. Your netblock (that is, your ISPs netblock, or your ISPs ISPs netblock, etc) gets included in that list and *bang* you're a casualty of war.

      Get it yet?

    2. Re:Definitely a bad idea... by Vainglorious+Coward · · Score: 5, Insightful

      I'd take all the SPAM anyday vs. not being able to send legitimate emails.

      Except that blocklists don't stop you sending email, they merely allow others to decide whether to accept that mail. Or do you think other people should be forced to accept any and every email you send?

      --
      My next sig will be ready soon, but subscribers can beat the rush
    3. Re:Definitely a bad idea... by Seumas · · Score: 5, Insightful

      John Reid of the SBL told me this wasn't true-- that the SBL was still clean, and that they only blacklisted hosting companies' mail servers when they were spam hosts who took on innocent users as camouflage:

      He is right. That definitely is NOT how SBL actually operates. I have a site that is heavily trafficked (millions per month) and they blocked my email (from my own personal server) that has delivered mail for my site for seven years with absolutely no outgoing spam or relaying having ever occurred in its entire life.

      However, a spammer with false credentials faked his way into a hosting account with my colo provider and as a result, SBL blocked multiple entire submnets, rendering my entire site and service useless for almost an entire month (we deal with auctions, meaning nobody was getting closed notices, won notices, outbid notices, addresses to send payment, registration emails, lost password emails - and when they complained, I couldn't respond to help them and explain it to them).

      SBL couldn't have cared less. As far as they are concerned, if one IP is a source of spam, they all are. And they'll get to fixing it in their own damn sweet time.

      But the defense of SBL fan-boys is typically "well it's VOLUNTARY!".

      Yeah. Whatever. Fuck off.

    4. Re:Definitely a bad idea... by Seumas · · Score: 3, Interesting

      Providers don't have a choice very often. It's incredibly easy for someone to use any number of credit cards (even stolen ones that haven't been reported) and various false identities to purchase hosting accounts. If a provider doesn't respond and just keeps letting the spammer have at it, that's fine. But if someone is cut off quickly, then restore their SBL credibility immediately. Duh.

      Anyway, they shouldn't be blocking entire blocks of IPs. That doesn't even make sense. What does one guy on one IP out of hundreds or thousands who spammed for most of a day before he got caught have to do with my server which has run clean and reliable and secure and in good faith (including SPF and everything else) for the better part of a decade?

      As Paul Graham already stated, this is just a strongarm tactic to harass as many innocent parties as possible. There's no other explanation for it. Are two spammers really worth denying tens of thousands of (in the case of Paul Graham) Yahoo customers?

      There are bad-actors; rogue hosts. It's pretty clear when you're dealing with one who isn't. And if you were quick to put people on the SBL list, then take them down just as quickly. It is unacceptable that it took three weeks after the incident for them to finally remove them from the list.

    5. Re:Definitely a bad idea... by Seumas · · Score: 5, Insightful

      That's the point - it doesn't matter how fast you respond to a spammer. If you ditch the spammer instantly, you're still going to end up on the list indefinately. In the case I cited, the spammer was kicked off within hours. I'm sure he was off to some other unwitting place to spam from while the rest of us went weeks without being able to send from our servers.

      How is it an incentive for admins to be "responsive" when dealing with spammers if you're going to punish everyone within a certain radius for days or weeks even if the problem was terminated within hours?

      What exactly is so wrong with blocking an IP at a time? You do away with the innocent bystanders while still nailing the spammers. Anyway, the reason they block the entire subnet has NOTHING TO DO WITH PREVENTING SPAM. It's merely a way of pissing off enough legitimate people to force the bad person to be dealt with (even if they've already been dealt with or it was an honestly unavoidable situation or what have you).

      If you've identified chronically spam-friendly hosts and want to widen your net for them, that's great. But don't take out the entire neighborhood because of one bad neighbor.

    6. Re:Definitely a bad idea... by syukton · · Score: 3, Insightful

      Actually, I'm with singletoned, and I think it's you that has a problem with understanding. Understanding something involves realizing implications which are not immediately obvious. Understanding is something that few people ever really do. Reading the facts isn't enough, you need to be able to manipulate those facts and draw provable conclusions from them. THAT is understanding.

      For example, in order to get revenge on people they believed were spamming, MAPS would blacklist the mail server of the company hosting their site.

      The problem with blacklists is that they're human controlled and extremely susceptible to egotistical vigilante-ism. If I'm getting spam from a server, I don't have to block just that server. I could block every server in the headers, for example. What I choose to add to my blocklist can be totally arbitrary, and that's the problem with blocklists controlled by individuals that can block huge IP blocks.

      And, in terms of preventing the "sending" of mail, you could consider a blacklist to be a postman who would, whenever he saw a letter from a given return address, he'd destroy it. Any time you got a New Scientist magazine? destroyed, at their discretion. How many companies use a blacklist without saying what's on the blacklist, or making the blacklist easily searchable and editable? Does a user ever get a message on a regular basis "Hello so and so, you've received 274 emails this week from addresses in our blocked address list (which contains mostly spammers; click here to make a change." ? No, they don't provide that helpful information with links to the relevant information.

      The mail is just blocked, it disappears into a void. By intercepting it before it reaches its intended recipient you are effectively preventing it from being sent. Because it's not the addressed recipient that decides whether or not to accept the mail according to the blacklist, it's an unnamed middle-man or middle-men. A blacklist allows any server in-between the sender and the recipient to say "no, sorry, your ass is blocked."

      I do think people should be forced to accept every email that I send. They shouldn't be forced to READ them all, but they should be forced to accept them. As email becomes more and more prevalent as a form of legally recognized communication (emails are used in court as evidence) it's important to recognize the implications of interfering with that communication without disclosing such interference. Would you like it if I were your postman and every time I saw your electric bill, I took it and destroyed it because I didn't like the electric company and I didn't think anybody should be subjected to their tortures? Would you like me totally interfering with your legal communication and then not telling you, not even sending you a friendly "the electric company is evil, go solar!" letter? Would you like the way that could impact your finances, your credit, your reputation? What happens when somebody adds an obscure credit union to a blacklist and people don't get fraud alert emails from the CU, just because one server in their datacenter was compromised and used to send 10,000 spams? Do you REALLY understand, now? I still don't think you do.

      The blacklist themselves aren't really responsible for breaking any rules, which they believe absolves them of acting responsibly. The fact of the matter is that blacklists are often implemented in the most infuckingcredibly ignorant ways possible, unfortunately. No e-mails as per my suggestion above, no way for the sysadmins that use the blacklist to audit/edit it, etc.

      We need a wiki-style collaborative blacklist that has a membership of thousands who all collaborate on this issue. It's just one more example of how giving one person too much power before they're ready to use it responsibly with proper discretion results in a disaster. A blacklist affects too many people to be implemented so willy-nilly at only a few peoples' (poor) discretion. We need a collaboration, a large committee who will not become corrupted by power (as none of the members will individually have any power) but will be a gathering of individuals who maintain their individual opinions and ensure that the system remains fair and balanced.

      --
      Reinvent the wheel only at either a lower cost, greater effectiveness, or your own personal enrichment and satisfaction.
    7. Re:Definitely a bad idea... by keraneuology · · Score: 3, Interesting
      this is just a strongarm tactic to harass as many innocent parties as possible

      You hit the nail right on the head. In fact, a fly on the wall related to me the entire conversation from the morning they decided to set this thing up:

      Person 1: I'm bored this morning, how 'bout you?

      Person 2: Yeah, me too, dewd. Let's start harassing as many innocent parties as we can!

      Person 1: Yeah, dewd! That'd be way wicked cool!

      Anyway, they shouldn't be blocking entire blocks of IPs. That doesn't even make sense. What does one guy on one IP out of hundreds or thousands who spammed for most of a day before he got caught have to do with my server which has run clean and reliable and secure and in good faith (including SPF and everything else) for the better part of a decade?

      Blame the spammers' money and the greed of the ISPs. It used to be quite common for a spammer to run under his pink contract from an IP address until people got fed up and blocked that specific IP. Certain ISPs would then assign the spammer a new IP address knowingly full well what they were doing with the explicit intent of allowing that spammer to bypass the blocklists from people who were obviously and explicitly taking steps to avoid the spam. Unfortunately as it turned out truly innocent customers were being assigned a dirty IP address that had been previously sullied by a spammer. The moment their email server came online they were already blocked because of what had happened there before. Talk about unfair.

      The spam-friendly ISPs forced the blacklisting of IP blocks: there was simply no other way to filter out the spam coming from those netblocks. Other users of that hosting service may be inconvenienced, but the system admin's right to take steps to prevent spam from gumming up the works of HIS OWN NETWORK outweights the right of anybody else to expect email originating from the same IP address used to send out three trillion ads for vgiara the week before to be received with open arms.

      Does this catch innocent people in the crossfire? Unfortunately, yes. But with 4,228,250,625 possible IP addresses those who maintain the blacklists can't be expected to personally review each and every email asking to be whitelisted and spend time and effort determining who is telling the truth and who is following spam rule #1.

      If widget.qqq has your domain blacklisted then your beef is with the admin of widget.qqq. Period. End of story. Beg him to whitelist you. Buy him a pizza. Send him some free (as in beer) beer. Serenade him at three in the morning. Send three billion statements of character witness. But his network, his gate, his key, his rules on granting admission.

      Let's look at this another way: If I am throwing a party and, on the advice of my friend who told me that people who wear Mickey Mouse shirts are boring, I deny admission to people wearing Mickey Mouse shirts from whom will you beg entry and who shall be called nasty names for listening to somebody else?

      Of course, that's the solution, isn't it? We must ban any and all people from publishing an opinion regarding the statistical probability that an email from a given IP address is spam.

      --
      If the g'vt kept the data on you that google does you'd better believe you'd be calling it "doing evil"
  3. A few comments by alanw · · Score: 4, Informative
    From Paul Graham's original article http://paulgraham.com/spamhausblacklist.html
    any filter relying on the SBL is now marking email with the url "paulgraham.com" as spam
    The primary use of the SBL is to allow sysadmins to refuse e-mail coming from listed IP addresses. The mail should be rejected during the SMTP header conversation, and the senders of genuine (non-spam and non-virus) e-mails will receive a non-delivery report from their outgoing MTA.

    I assume that what Paul Graham is complaining about must be SpamAssassin, or some other content filter, applying a score to articles containing URLs, which when looked up in DNS resolve to listed IP addresses. This is much less acceptable, since the sender has no way to know that their e-mail may have been classified as spam.

    The details of the listing can be found at http://www.spamhaus.org/sbl/sbl.lasso?query=SBL279 45. This is a /32 - i.e. a single IP address. I don't know why Paul Graham's web site (which has that IP address) has been associated with textileshop.com, which has a completely different IP address.

    The other Yahoo listing on the SBL is also a /32.

    I also note in another of Paul Graham's articles http://paulgraham.com/sblbad.html he claims

    The most notorious example is the MAPS RBL
    As any fule kno, the most notorious spam blacklist is SPEWS. ~
    1. Re:A few comments by mercuryresearch · · Score: 3, Informative

      Seeing as how this exact situation happened to me this week, I can provide some light on the /32 IP address issue.

      In my case, I moved a server to a new colo facility. Most facilities have an IP block, and you get assigned an IP from it. Six months or a year ago that IP might have belonged to someone else. For me, it turned out in February a spammer installed a server at the colo, spammed from that server for a single day before the colo ISP turned them off. That IP got listed in Spamhaus; in the beginning of June I was assigned that IP.

      So, I ended up with a Spamhaus listing for my mail server's IP address -- and _I_ can't get it removed. Spamhaus expects the colo operator to contact them (which they did on my request) but even there, if the blacklist operator doesn't like the ISP/colo people, they can ignore the request.

      Fortunately Spamhaus listened and I got the record for my IP removed. But this showed me it was trivial for a non-spammer to inherit a blacklisted IP. I've added doing DNSBL checks on colo-assigned IP addresses for future moves to prevent any future issues.

  4. Paul is just pissed because... by SSpade · · Score: 3, Informative

    ...his website is hosted on the same IP address as a spammer (textileshop.com) was on yesterday, and because of that he's seeing some of his mail blocked.

    There's certainly a need for thoughtful and hopefully positive criticism of blacklist behaviour. This article is not it.

    1. Re:Paul is just pissed because... by SSpade · · Score: 3, Informative

      Actually the IP address that's listed is store.yahoo.com.

      Yahoo hosting is riddled with spammers, and store.yahoo.com is where most of them live, and where they accept credit cards for their purchases.

      The SBL lists IP addresses that are involved in spam. 66.163.161.45 is involved in a lot of spam. It's not been removed from the SBL because, well, it's still actively being used by spammers.

      Because countless spammers register domains on a daily basis, yet point them at the same IP addresses some people choose to resolve the URLs in incoming email and bounce the mail if any of them resolve to particularly filthy IP addresses.

      66.163.161.45 is filthy. Blocking mail that has URLs pointing there will stop a fair amount of spam. Not an approach I'd use myself, but certainly a lot more effective (in terms of spam caugh and false positives) than many, many other approaches in widespread use.

      Paul chose to host his website there, despite supposedly knowing a lot about the spam issue. That was probably not a good call.

    2. Re:Paul is just pissed because... by deacon · · Score: 4, Insightful
      66.163.161.45 is filthy. Blocking mail that has URLs pointing there will stop a fair amount of spam. Not an approach I'd use myself, but certainly a lot more effective (in terms of spam caugh and false positives) than many, many other approaches in widespread use. Paul chose to host his website there, despite supposedly knowing a lot about the spam issue. That was probably not a good call.

      Let me reword your justification of of this behaviour so others can see the flaw in it more clearly:

      [66.163.161.45 is a filthy neighborhood. Lots of criminals live there. So, a group of vigilantes randomly started machine gunning people walking the street. Not something I'd do myself, I prefer to use a shotgun, but certainly more effective then using the court system. Paul chose to live there, and he should have known it's a bad area. If he gets shot at random, well, too fucking bad, he should have known better. Living there was probably not a good call.]

      Some days it's hard choosing between deleting 400 spams a day and dealing with the exsistance of "spam blocking" groups. Then I read a comment from an "anti-spam" person and I think I'll be safer choosing to work that delete key.

  5. Vigilante it ain't by Rosco+P.+Coltrane · · Score: 4, Insightful

    The problem was, as vigilantes so often do, the guys at MAPS got carried away

    For some reason, journalists keep calling blackmail lists "vigilantes". But there's something they don't understand: nobody forces email system administrators to use those lists.

    These lists are provided by people for free. They decide to list bad email servers, but they may as well include any server they want. After all, who's to force them to provide quality of service?

    The real problem, of course, is that blacklists are needed in the first place. If ISPs did their jobs a little better (aol, hotmail and the likes), the amount of spam would already decrease significantly. And don't speak to me about chinese ISPs, since most spam comes from the US.

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
    1. Re:Vigilante it ain't by Maestro4k · · Score: 4, Insightful
      For some reason, journalists keep calling blackmail lists "vigilantes". But there's something they don't understand: nobody forces email system administrators to use those lists. No, but the non-spamming sites that end up on it would certainly disagree with you, they didn't do anything to merit the block.

      You seem to be confused about what a vigilante is, dictionary.com gives me this: "One who takes or advocates the taking of law enforcement into one's own hands." Note it doesn't say anything about them forcing others to agree with their views or take part in them. If you decide to take legal actions in your own hands, then you are, by definition, a vigilante. So it does apply here, just because they don't force anyone to use their lists doesn't change that.

      These lists are provided by people for free. They decide to list bad email servers, but they may as well include any server they want. After all, who's to force them to provide quality of service? TFA's point was that these lists start out listing just IPs/hosts/sites they know are sending spam, then later the power corrupts ("power corrupts, absolute power corrupts absolutely") them and they start using the power they've gained by their blacklist being used by many people to start trying to force ISPs to comply with them by blocking bunches of innocents at the same ISP. That indeed has happened, although I'm really not sure if it's happened here or not. The risk of it occuring is pretty high, humans are, after all, only human and it's hard to resist that temptation, especially when you're a strong enough anti-spam advocate to run a blacklist. The real problem, of course, is that blacklists are needed in the first place. If ISPs did their jobs a little better (aol, hotmail and the likes), the amount of spam would already decrease significantly. And don't speak to me about chinese ISPs, since most spam comes from the US. The real problem is human nature in all of this. In spam existing in the first place (greed), in ISPs not blocking things they should (laziness, lack of knowledge or time), in people actually buying from spam (greed (getting something cheaper than legal means would allow), sexual desire (gotta have a longer penis!) or just simply a criminal desire to purchase illegal goods (prescription drugs for example)) as well as humans becoming corrupted by power when their blacklists get to be popular.

      So basically if we can solve how to get people to stop being, well, people and giving in to baser instincts we can stop spam. Of course we'd also stop crimes of all sorts as well and we've not managed that in hundreds of years so I'm not holding my breath for it to happen.

    2. Re:Vigilante it ain't by hesiod · · Score: 3, Insightful

      > If you decide to take legal actions in your own hands, then you are, by definition, a vigilante

      What law enforcement activities do the blacklists take into their own hands?

  6. A Paradox? by LegendOfLink · · Score: 3, Insightful

    A blacklist for a blacklist for a blacklist...

    Personally, I find the need to disable more and more RBL's, because today a user might come thru OK, tomorrow, they're stuck in SORBS and considered a HIGH risk.

    --
    IGB: More fun than eating oatmeal!
  7. Not like people get all radical about it... by dmorin · · Score: 4, Interesting
    Actual quote I have heard on the subject of spam blacklists: "I don't care that you're not a spammer. Your ISP allows spammers in their midst and therefore you all go on the list. Get a new ISP."

    Oh, ok. Nothing like over reacting a bit.

    --
    www.HearMySoulSpeak.com
    1. Re:Not like people get all radical about it... by Uruk · · Score: 4, Interesting

      No, the principle is that if ISPs know that this kind of overreaction will occur, they will make quite sure that they don't have spammers in their midst. In essence, it's an attempt to incentivize ISPs to police themselves.

      What's the alternative? Having some centralized, international spam cop whose job it is to clean up every ISP on the planet? If ISPs get a completely free pass on spam and don't have to care whether their subscribers are abusing other people or not, where is their incentive to prevent the abuse? The way you avoid the tragedy of the commons is by getting people to see their individual stake in the issue.

      Certainly the quote that you're pointing out isn't the most diplomatic or effective way of putting it, and I doubt this kind of thinking is behind that quote - it probably is the knee-jerk reaction that you're identifying it for. Still, the idea might have some merit.

      --
      -- Truth goes out the door when rumor comes innuendo. -- Groucho Marx
  8. Pure and simple... by jellisky · · Score: 4, Insightful

    I had the unfortunate "joy" of being blocked by some of these draconian blacklists. My sister requested some information from me for a trip that she has upcoming via my yahoo.com account. After it bounced from her ISP saying that I was sending it from a "spam-hosting" ISP, I sent it from my mac.com account. Same schtick. After a couple other choices, I finally got it sent from my .edu account.

    Her ISP uses SpamBag for their blacklist. SpamBag? ScamBag is more like it.

    No wonder my sister is disenchanted by email. Her yahoo account got spammed to no end, then she can't get emails from most of her friends since they get bounced back by her ISP's stupid blacklist.

    Blacklists are fine and dandy in principle, but practice has shown them to be useless. IT managers, just drop them. They're more annoying than anything.

    -Jellisky

  9. Whiskey. Tango. Foxtrot. Over. by Skye16 · · Score: 5, Insightful

    So...it's okay if he goes to Federal Pound-Him-In-The-Ass penitentiary just because he rented a car from a place that also rented a car to a crack dealer?

    Huh?

    Sorry, but that's still bullshit. He states it clearly in his article: You can't screw over innocents just to make the guilty pay. Does the your government put a neighbor family through torture just because you got a parking ticket? No. It's YOUR fault and YOU should be punished. Not some innocent bystander.

  10. Comment removed by account_deleted · · Score: 4, Insightful

    Comment removed based on user account deletion

  11. Pay and you get removed by tmk · · Score: 4, Interesting

    I have found an interesting offer: pay 50 bucks and you are removed immediately from the spam list. Have a look here.

    Interesting: The company won't say who they are. They say this was approved by local authorities, but this is bullshit. Local authorities can not brake federal law in Germany.

  12. Oblig. Simpsons Reference by Mr.Progressive · · Score: 3, Funny

    Blacklists have a structural flaw: there is no one to watch the watchers.

    Lisa: If you're the police, who will police the police?
    Homer: I 'unno, Coast Guard?

    --
    Okay, so a philosopher, a philologist, and a philatelist walk into a bar...
  13. Who watches the Watchers? by redelm · · Score: 3, Insightful
    ... the Watched, of course! Ruel enforcement isn't a heirarchy but a loop.

    Blocklists are made by people for others to use if they see fit. When they become unusable, they're no longer used. Personally, I use none. The cost to me of one false positive is greater than 1000 spams that leak through. No list is that good.

  14. There is a problem with blacklists by WebHostingGuy · · Score: 5, Insightful

    We deal with this all the time. Leaving any IP on a blacklist for any period of time doesn't help. Most spammers nowdays spam and run. They unload from a hacked account through a broken formmail script or a zombie computer. After 36 hours they have dumped their million emails and moved on to another IP. Blacklists generally don't get this though. They just make a bigger and bigger list. The problem with this approach is that they already missed the spammer. One time we dealt with someone who was running a blacklist and when we asked why an IP was on the list they said because it spammed years ago. When we said we have controlled the IP for the past three years they said it doesn't matter. It's like give me a break...

    The solution to blacklists is to use an AOL model in which dynamic IP blocking is used. When spam is noted from an IP that IP is automatically blocked for 24-36 hours after the last spam comes in. That way the innocents are not being blocked and the spammers email doesn't make it through. There are a couple blacklists which do this but more should.

    Compare this to the opposite blacklists like BLARS which requires a thousand dollars for "him" to investigate whether an IP should be removed. I have never seen an IP which is not listed with BLARS.

    --
    Quality Hosting e3 Servers
  15. What's the real story? by argent · · Score: 3, Insightful

    People switched from MAPS because the other lists were free, not because MAPS was too aggressive.

    "As of this writing, any filter relying on the SBL is now marking email with the url "paulgraham.com" as spam."

    Whisky Tango Foxtrot? *BLs block IP address ranges, not URLs.

    "Because the guys at the SBL want to pressure Yahoo, where paulgraham.com is hosted, to delete the site of a company they believe is spamming."

    1. Given that Paul's mixing up URLs and addresses of mail servers, I'm not prepared to take at face value the statement that SBL is blocking Yahoo's mail servers to pressure Yahoo to drop a "site", rather than (say) mail services Yahoo is providing the spammer.

    2. If Yahoo is providing services to a spammer and Yahoo refuses to deny those services to a spammer, than Yahoo is being "spam friendly", no matter what their reputation is, and they may well be depending on the many legitimate lists they're hosting to avoid responsibility for their actions. That's exactly the situation that John Reid is referring to in Paul's quote.

    I don't know what alleged spammer this is referring to, but what Paul's written is clearly not anywhere near the whole story.

  16. Guideline, not a rule by bitflip · · Score: 5, Interesting

    I use blacklists all the time. Rather than simply rejecting the mail, if the server is on a blacklist, the initial OK is delayed by five seconds.

    If you're sending a ton of mail, i.e., spam, little of it gets through. If you're only sending one or two messages, ie, likely legit mail, it goes through just fine.

    Combined with more specific stuff further back (bayes, et. al), it's been quite effective at reducing the amount of spam sent, and the amount of mail that gets scanned.

    The problem isn't blacklists, its how people use them.

  17. Wrong by autopr0n · · Score: 3, Insightful

    What they do is allow others to block email between two diffrent people, simply because they run the mail servers that sit between them. If it was only individual users who were using these blocklists, it would be a diffrent issue. But it's not.

    --
    autopr0n is like, down and stuff.
    1. Re:Wrong by squiggleslash · · Score: 3, Insightful
      You're why sysdadmins and blacklists have a bad name. Just because you can do it, doesn't mean you should or even that it's particularly intelligent to do so.

      If I can't receive email from a friend because my mail provider, who I pay money to, is as stupid as some of the BL-supporters here, you can bet I'll yell at them. They can whine as long as they like about how it's their equipment, *I* pay their wages.

      --
      You are not alone. This is not normal. None of this is normal.
  18. Re:today? by Joe+U · · Score: 3, Interesting

    "Vigilante is a very strong word "

    You're right. The correct words are 'overreacting assholes'.

    Most RBLs are run by assholes who have no concept of how to properly manage something as complex as a RBL.

    And no, I've never been blocked by one and I weight RBL positives very low.

  19. "Power-hungry weenies" by slavemowgli · · Score: 5, Interesting

    Interestingly enough, the owner of the acme.com domain who was recently featured in a story due to his getting more than a million spam mails (well, attempts to send spam) a day, agrees:

    DNS-RBLs - Domain Name System Realtime Black Lists. In theory the idea is fine. You have a set of sites that you blacklist, and you want to let other folks use the same list so you distribute it using DNS, which is a nice efficient de-centralized database. What's not to like?

    Well, I don't know why, but in practice every single DNS-RBL eventually comes under the control of power-hungry weenies. They start listing sites unreliably, and if you complain you find yourself listed. And there's usually no way to get off the list.

    A lot of people tell me I'm wrong about this. They say that certain DNS-RBLs are ok, with objective criteria for inclusion and simple procedures for getting off the list. The thing is, they give conflicting recommendations for which lists are good and which are bad. Some of these folks recommend lists which I know from personal experience are bad.

    This problem is really inherent in the way DNS-RBLs are set up. You cede control of your mail system to a third party, with no real possibility of checking how they are doing. The people running the lists get overwhelmed with bogus feedback from spammers and/or idiots, to the point where they assume all their mail about the lists is from spammers and/or idiots.

    If the lists you use have not yet descended into corruption and chaos, consider yourself temporarily lucky.

    Do not use DNS-RBLs.

    (from http://www.acme.com/mail_filtering/shame_frameset. html)

    --
    quidquid latine dictum sit altum videtur.
  20. What a clusterfuck by maynard · · Score: 3, Interesting

    blocking spammers via a central database just doesn't work. The spammers are constantly moving from zombie client to zombie client in huge waves of hundreds of thousands of infected systems, making the RBL always filled with obsolete and incorrect information. The problem - as everyone knows - is that the protocol is fundamentally broken. It's a tragedy of the commons played out in front of our eyes.

    By allowing the abuse it's outcome becomes a certainty. We're going to have to bite the bullet and dump open SMTP. And I think we're going to have to do this quickly. The levels of SPAM continue to rise. I often see ten to twenty times as many spam connections on my mail servers than legitimate connections, and this is a constant, flowing, amount of SPAM 24/7. Even with RBLs, spamassassin, etc, SPAM still gets through. The solution will not be found with another bandaid. It's time to dump SMTP and move to something that demands cryptographic authentication for users and hosts before allowing the transport session to complete. --M

  21. So what by Vainglorious+Coward · · Score: 4, Insightful

    I reserve the right to block (or accept) any mail I choose on my own system. I also make that decision on behalf of my users, weighing the pros and cons, and especially the listing policies, of any RBLs. If I get it wrong, then yes, my users won't be happy. I'm all for doing what makes my users happy. Blocklists do make my users happy. They work. The fact that there's sqealing about the effect shows that they work. I reject utterly the contention that I should somehow be forced to accept anything I don't want to receive

    --
    My next sig will be ready soon, but subscribers can beat the rush
    1. Re:So what by Chris+Burke · · Score: 3, Insightful

      I reject utterly the contention that I should somehow be forced to accept anything I don't want to receive

      And that means that you will readily accept someone else's decision on what you should and should not receive? You sound to individualistic for that, so I think you are probably missing the implications of these blacklists.

      What if you want to receive email from someone, but their block is in the blacklist your ISP uses? Can you call up your ISP and ask them to remove it? Can you get your friend to change their ISP so they are in a non-blacklisted block? In the past, I've seen people whose ISPs would block, for example, the entire University of Michigan. That made it pretty tough to communicate with them.

      You are absolutely under no obligation to accept anything. That's why I run a spam filter myself. But letting someone else's often arbitrary judgement control what you do and don't receive is contrary to the personal control that you (and I) want.

      Speaking of which, I'm glad I'm not one of your users.

      --

      The enemies of Democracy are
  22. Re:Abuse my hind end by jamie · · Score: 4, Insightful
    Obviously you feel very strongly about spam. You feel that spam is so important that websites which offer to sell spam software should be blacklisted, along with many other innocent websites hosted at the same ISP.

    What else do you feel strongly about?

    There are websites, I am sure, that describe in detail how to commit murder and get away with it. Some readers may find those sites, and using that knowledge, go commit violent crimes -- just as some readers of spam sites may purchase email harvesting software and then go commit the crime of sending bulk email. I assume you would support blacklisting ISPs that host violent-crime advice, since surely everyone agrees that murder is worse than spamming.

    There are ISPs that host neo-Nazi propaganda calling for the murder of all non-whites. Do you think that's better or worse than offering spam software for sale? Should those ISPs be blacklisted?

    Escort services? Simulated rape porn? "The Anarchist's Cookbook"? A list of abortion providers' addresses? Al Qaeda recruitment and propaganda? I want to know which of these you think is equally as bad as, or worse than, hawking a CD with a million email addresses on it. How many things do you think merit blocking all of an ISP's innocent websites?

    You have your list. Others have their own lists -- and, frankly, there are a billion people who think porn is vitally important and your fixation on spam is stupid. Do you really want the internet segmented? Do you think advancing your pet cause is worth walling off the internet into warring quarters? Do you really want to wield a censor's black pen?

  23. Re:Home Connectivity ISP != Your Domain ISP by Skye16 · · Score: 3, Insightful

    Right. So then, when those of us with a .nu domain name have to change ISPs constantly because, at any moment, someone else - that we have no control over - ruins the ability for our email to go to its intended recipient - we just get to suck up the 10$ a pop IP change for our DNS? And even aside that point - while hosting companies are a dime a dozen, good hosting companies aren't. When we do find one that is, we want to stick with it. It's not their fault someone else at the same colo decided to be a jackass.

    Basically, you're just saying "too bad, I'm tired of being screwed over by spam" and I'm saying "wtf, I'm tired of being screwed over by blacklists that can't keep their shit together". Put yourself in my shoes - when a blacklist service becomes worse than spam and the spammers who spam, what does that tell you about blacklists?

  24. Private blocklists. by Pig+Hogger · · Score: 3, Funny
    There are many, many private blocklists that are not advertised anywhere.

    Here is my very own private /etc/mail/access blocklist which I use on my own mail server:

    #
    12.217.112 550 Mediacom. Heh. What a fucking spamming cesspool. So why not eat shit and die???
    12.217.113 550 Mediacom. Heh. What a fucking spamming cesspool. So why not eat shit and die???
    12.217.114 550 Mediacom. Heh. What a fucking spamming cesspool. So why not eat shit and die???
    12.217.115 550 Mediacom. Heh. What a fucking spamming cesspool. So why not eat shit and die???
    12.217.116 550 Mediacom. Heh. What a fucking spamming cesspool. So why not eat shit and die???
    12.217.117 550 Mediacom. Heh. What a fucking spamming cesspool. So why not eat shit and die???
    12.217.118 550 Mediacom. Heh. What a fucking spamming cesspool. So why not eat shit and die???
    12.217.119 550 Mediacom. Heh. What a fucking spamming cesspool. So why not eat shit and die???
    24 550 Comcast, when you'll have cleaned your zombies, you can knock here. Not before.
    24.174 550 Chuck Jones must be spinning in his grave when he see he's associated with spam. Close port 25, fuckers.
    59.0 550 It's not surprizing that a country split in two like Korea would have a totally fucked-up "internet".
    59.10 550 It's not surprizing that a country split in two like Korea would have a totally fucked-up "internet".
    59.1 550 It's not surprizing that a country split in two like Korea would have a totally fucked-up "internet".
    59.11 550 It's not surprizing that a country split in two like Korea would have a totally fucked-up "internet".
    59.12 550 It's not surprizing that a country split in two like Korea would have a totally fucked-up "internet".
    59.13 550 It's not surprizing that a country split in two like Korea would have a totally fucked-up "internet".
    59.14 550 It's not surprizing that a country split in two like Korea would have a totally fucked-up "internet".
    59.15 550 It's not surprizing that a country split in two like Korea would have a totally fucked-up "internet".
    59.16 550 It's not surprizing that a country split in two like Korea would have a totally fucked-up "internet".
    59.17 550 It's not surprizing that a country split in two like Korea would have a totally fucked-up "internet".
    59.18 550 It's not surprizing that a country split in two like Korea would have a totally fucked-up "internet".
    59.19 550 It's not surprizing that a country split in two like Korea would have a totally fucked-up "internet".
    59.2 550 It's not surprizing that a country split in two like Korea would have a totally fucked-up "internet".
    59.20 550 It's not surprizing that a country split in two like Korea would have a totally fucked-up "internet".
    59.21 550 It's not surprizing that a country split in two like Korea would have a totally fucked-up "internet".
    59.22 550 It's not surprizing that a country split in two like Korea would have a totally fucked-up "internet".
    59.23 550 It's not surprizing that a country split in two like Korea would have a totally fucked-up "internet".
    59.24 550 It's not surprizing that a country split in two like Korea would have a totally fucked-up "internet".
    59.25 550 It's not surprizing that a country split in two like Korea would have a totally fucked-up "internet".
    59.26 550 It's not surprizing that a country split in two like Korea would have a totally fucked-up "internet".
    59.27 550 It's not surprizing that a country split in two like Korea would have a totally fucked-up "internet".
    59.28 550 It's not surprizing that a country split in two like Korea would have a totally fucked-up "internet".
    59.29 550 It's not surprizing that a country split in two like Korea would have a totally fucked-up "internet".
    59.3 550 It's not surprizing that a country split in two like Korea would have a totally fucked-up "internet".
    59.30 5

  25. Load of FUD by Paul Graham, competitor to Spamhaus by Steve+Linford,+Spamh · · Score: 5, Insightful


    Gentlemen,

    You do realize that Paul Graham is in the business of pushing Bayesian anti-spam filtering, which he claims as 'the best' solution to spam. For a long time Graham has been spreading FUD about other anti-spam solutions, in particular blocklists. We're well used to hearing utter bollocks about blocklists spread by him.

    Yesterday we listed on the SBL an IP of a spammer which as luck would have it is being shared by Paul Graham. We of course can not simply give the spammer carte blanche to spam our users because Paul Graham is also using the same IP. Graham has no concern for the fact he's sharing his IP with a spammer, and rather than contact his ISP to ask what a spammer is doing sharing his IP he simply sees a PR oppurtunity to bolster his "blocklists are evil, bayesian is good" campaign. I'm only surprized this actually made Slashdot.

    Steve Linford, CEO, Spamhaus

  26. Unsolicited Plug (from me) ... by Dr.Dubious+DDQ · · Score: 3, Insightful

    Considering how much my spam has been reduced by the SBL (anywhere from at least 50% up to 75%) I'd like to just say:

    The mail servers under my control have always subscribed to the SBL-XBL (well, more accurately, before the XBL was established it was the SBL and cbl.abuseat.org. The latter is dedicated to short-term [72 hours, as I recall] blocking of e.g. spammers operating on DSL or cablemodem lines who are likely to appear on an IP address once or twice and then get kicked off. The CBL is now also represented in the XBL). I have so far, in the last 3-4 years or so, only been able to confirm 1 and 1/2 "false" positives in that entire time - one was from a person in China who was using a confirmed spam-haven ISP, the "1/2" from a company that, after an informative response from the CBL people, I believe were listed for appropriate reasons. In any case, the latter case cleared itself up when they were automatically re-removed from the CBL [they'd been there before] and the email lost WAS an advertisement anyway...)

    I have noticed the numerous stories of overzealous blocklists, which are obviously a bad thing, but I can't think of a way to reasonably put the SBL in that category...

    Besides, bayesian filtering only works AFTER the spammer has been allowed to tie up my mail server's bandwidth (and then allows them to tie up your mail server's CPU time with the bayesian analysis). I prefer to cut off known spammers before that point whenever possible. THEN I pass the remaining messages through SpamAssassin. Back in the early days of spam, I used to actually go to the effort of picking apart the mail headers and looking up the abuse addresses for the ISP whence the mail came AND the hoster of the spammers website (and on one or two occasions, even the registrar for the spammer's domain name, when I could confirm that the information was falsified). It's been a long time since I was able to keep up doing that with the volume of spam coming in, but I still can't stand the thought of allowing spammers to take ANYTHING from me that I can prevent...

    --
    Hacker Public Radio is our Friend