Slashdot Mirror


Maintaining a Publicly Available Blacklist - Mechanisms and Principles

badger.foo writes "When you publicly assert that somebody sent spam, you need to ensure that your data is accurate. Your process needs to be simple and verifiable, and to compensate for any errors, you want your process to be transparent to the public with clear points of contact and line of responsibility. Here are some pointers from the operator of the bsdly.net greytrap-based blacklist."


  1. Using a blacklist ... by magic+maverick+ · · Score: 5, Interesting

    And while we're at it, some hints on using a public blacklist with regard to spam. The correct way is not to trust the blacklist 100%. Instead, you use it as one part of a comprehensive scheme (part of this complete breakfast). So, you may use a dictionary, and for every word in the dictionary you add 10 points (viagra, v1agra, v14gr4, etc.). You can use SPF and if it doesn't match, then that's worth 50 points, and if it's not there, maybe 20 points. And if the domain or IP address is on a blacklist, maybe 40 points. You assign the points as you like. Then, if you hit 100 points, you mark the email as "probably spam".

    But you never reject or mark an email spam just because it's on some blacklist. That's just stupid. Now I'm off to RTFA.

    ----

    OK, if you have your own blacklist (perhaps a list of domains or IP addresses that have sent email to a catch-all, or that have fallen into a honeytrap), then you do what you want. But you probably should date entries and remove old ones (if they do not misbehave again), in case a legitimate user is now at that location.

    --
    HELP MY ACCOUNT HAS BEEN HACKED BY AN ILLIBERAL ART STUDENT SET TO DESTROY THE INTERWEBZ!
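
The scoring scheme and the dated, expiring local blacklist described in the comment above, as an added example that is not part of the original thread. The weights, threshold and dictionary words are the comment's; the 30-day expiry, the names `Blacklist` and `score`, the SPF result strings and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Weights and threshold are the numbers given in the comment.
WORD, SPF_FAIL, SPF_NONE, LISTED, THRESHOLD = 10, 50, 20, 40, 100
DICTIONARY = {"viagra", "v1agra", "v14gr4"}
# Assumption: the comment gives no expiry period; 30 days is a placeholder.
MAX_AGE = timedelta(days=30)

class Blacklist:
    """Local list mapping each IP to the time it last misbehaved."""
    def __init__(self):
        self.last_seen = {}

    def record(self, ip, when):
        # A repeat offence refreshes the date, so the entry lives longer.
        self.last_seen[ip] = max(when, self.last_seen.get(ip, when))

    def expire(self, now):
        """Drop entries with no offence inside MAX_AGE; return what was removed."""
        stale = sorted(ip for ip, t in self.last_seen.items() if now - t > MAX_AGE)
        for ip in stale:
            del self.last_seen[ip]
        return stale

    def listed(self, ip, now):
        # Checks age too, so a stale entry never scores before expire() runs.
        t = self.last_seen.get(ip)
        return t is not None and now - t <= MAX_AGE

def score(body, spf, ip, blacklist, now):
    """Return (points, probably_spam, reasons); spf is 'pass', 'fail' or 'none'."""
    reasons = {}
    # Each distinct dictionary word found in the body counts once.
    hits = DICTIONARY & set(re.findall(r"[a-z0-9]+", body.lower()))
    if hits:
        reasons["dictionary"] = WORD * len(hits)
    if spf == "fail":
        reasons["spf_fail"] = SPF_FAIL
    elif spf == "none":
        reasons["spf_none"] = SPF_NONE
    if blacklist.listed(ip, now):
        reasons["blacklist"] = LISTED
    total = sum(reasons.values())
    return total, total >= THRESHOLD, reasons

# Constructed sample data: one recent offender, one entry 90 days old.
NOW = datetime(2024, 1, 31, tzinfo=timezone.utc)
BL = Blacklist()
BL.record("192.0.2.10", NOW - timedelta(days=2))
BL.record("198.51.100.7", NOW - timedelta(days=90))

if __name__ == "__main__":
    print(score("cheap v1agra here", "fail", "192.0.2.10", BL, NOW))
```

A blacklist hit on its own contributes 40 points and stays under the threshold; it takes other signals on the same message to reach 100.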
  2. Re:Greylist instead by 1s44c · · Score: 5, Insightful

    If you ran an open relay you were on the right end of a blacklisting.