
Are SPAM Blacklists Unreasonable?

Posted by Cliff
from the this-isn't-proper-and-punctual-list-maintenance dept.
rlsnyder asks: "I'm the inadvertent co-administrator of e-mail for a company that relies pretty heavily on it for daily business (e.g. sending confirmations of financial transactions). At one point in the not-too-distant past, our server was an open relay. I admit I'm a sinner for letting it happen, and I'm ready to do my penance. Given the relatively low volume of mail our server moved that did not originate from inside, I doubt I was a major contributor to the world of SPAM. In any event, we've been blacklisted on a number of sites. Some lists have reasonable policies, and we've since been removed. Other places are a little more arbitrary as to removal policies, and although I can prove we're not a relay, we're still listed." While I approve of the basic concept of SPAM Blacklists, there are dozens of SPAM blacklists out there who are real keen on adding open relays to the list, but not so keen on taking rehabilitated hosts out. I would posit that SPAM blacklists that are not properly maintained are a part of the problem, not the solution. What are your thoughts on the subject?

rlsnyder continues: "Am I way off base here, or is this self-appointed mail police thing going in the wrong direction? Given that I can't reliably deliver e-mail to a number of places due to being blocked, I've got a big exposure. Is this making spam less of a problem, or are we trading one problem (SPAM) for another (the reliability of proper maintenance of SPAM Blacklists)?

I could draw a bunch of analogies here, but isn't the bottom line that no one owns the internet e-mail system? I realize no one makes ISPs subscribe to the blacklists, but basically, I'm trying to move data from one point to another, and some machines in the middle are discriminating against my data because of a corrected, perfectly legal system configuration error. How is this helping? Has SPAM really decreased universally thanks to these lists?"

  • Real Pain (Score:5, Insightful)

    by Tadrith (557354) on Friday February 15, 2002 @07:01PM (#3015680) Homepage
    The company I work for had the same problem. As a result, we ended up having trouble getting e-mail to some of our customers. Thankfully, it was easy to get ourselves removed, but I think if people are going to use blacklists, they should also take the responsibility of keeping them maintained, both in additions and removals.
    • We too were listed on some of these lists. And this was at the beginning of what is now known as "mail relaying". Before then, all mail servers were open-relays, and suddenly your emails are blocked!

      Therefore I'm against these lists but I would suggest another solution :

      1. These lists should inform you that you have been added
      2. They should leave you 10-15 days to fix the problem before blocking you
      3. They should help you. I was *very* shocked by ORBS attitude "we block you, and we don't care if you cannot correct it"

      The problem 3 is quite grave : What can you do if your mail server doesn't support anti-relay ?
      Or if you must buy another licence, or if it's open source, but needs a new version of the OS, or things like that. OK, now all email servers support anti-relay. But this was not the case at this time.

      And FIRST OF ALL, I would really like to have a RFC on this subject : I don't accept ORBS having decided what's permitted and what's not ! Some relaying is permitted and some not.

      Example : Accept any IP address for relay except ORBS, you won't be blocked but you're an open relay ;-)
      • by hpa (7948) on Friday February 15, 2002 @07:46PM (#3015940) Homepage

        The problem 3 is quite grave : What can you do if your mail server doesn't support anti-relay ?
        Or if you must buy another licence, or if it's open source, but needs a new version of the OS, or things like that. OK, now all email servers support anti-relay. But this was not the case at this time.


        If so, they're right in blocking you. You're saying "oh, we're not willing to go through the trouble of cleaning up our server, to hell with anyone who gets spammed." It's exactly those sites that are supposed to be blocked.


        2. They should leave you 10-15 days to fix the problem before blocking you


        That's insane. Once you end up on a spamrelay list, you'll be the conduit for tons of spam within hours or even minutes. 10-15 days is an eternity in that respect.

      • by fmaxwell (249001) on Friday February 15, 2002 @08:27PM (#3016089) Homepage Journal
        I don't accept ORBS having decided what's permitted and what's not !

        ORBS does not decide what is "permitted" nor do any of these other databases. They have a set of criteria for deciding whether and when your mail server ends up in their database. If their criteria matches mine, then I can choose to use them as part of my mail filtering.

        1. These lists should inform you that you have been added
        2. They should leave you 10-15 days to fix the problem before blocking you
        3. They should help you. I was *very* shocked by ORBS attitude "we block you, and we don't care if you cannot correct it"


        I'm sick of the attitude that ORBS owes you something when your mail server is an open relay. If your system is an open relay, your fuck-up will cost them time and effort as they add your system to the database. Now you think that they owe it to you to provide you an absurd amount of warning (10-15 days), notification that you were added, and then you want them to provide free consulting services (see item 3). If you don't know how to run a mail server, then stop trying to.

        It's like being ticketed for driving your car down the wrong side of the road at 90 miles per hour and then being pissed off that the cop did not provide you with free driving lessons and give you 10-15 days to stop driving like that.

        If your system is an open relay, unplug the Ethernet cable immediately and leave it unplugged until the system is fixed. If you don't know how to fix it, then pay professionals to provide your SMTP & POP services. A spammer could spew tens of thousands of messages per hour through an open relay and you owe it to everyone else on the net to do whatever it takes, including pulling the plug, to make sure that your system is not an open relay.

        I think that ORBS should charge a processing fee for "expedited removal" from their database and, otherwise, just remove systems once a week.
        • Bad analogy. (Score:4, Informative)

          by achurch (201270) on Saturday February 16, 2002 @05:57AM (#3017356) Homepage

          [Running an open relay is] like being ticketed for driving your car down the wrong side of the road at 90 miles per hour and then being pissed off that the cop did not provide you with free driving lessons and give you 10-15 days to stop driving like that.

          Nice analogy, except that it doesn't work. If you're driving at 90 miles an hour on the wrong side of the road, then (1) your speedometer will tell you that you're driving at 90 miles an hour and (2) looking ahead will show you which side of the street you're on, which you can tell is the wrong side because of what you had to know to pass the test to get your driver's license.

          With mail servers, however, there isn't, at least yet, any widespread tool that will tell you if you have an open relay (and given how such tools work, they'll probably be banned as "hacker tools" at the rate things are going these days). In fact, I found out recently that I'd been placed on a blacklist for having an open relay, which took me by surprise because I'd been careful to avoid having anything like that happen; it turned out that I had missed one of the potential avenues of abuse (specifically, using error bounces to spam people).

          So until running a (secure!) mail server becomes as simple as driving a car and people need licenses to run servers, your analogy is inappropriate.

        • ORBS does not decide what is "permitted" nor do any of these other databases. They have a set of criteria for deciding whether and when your mail server ends up in their database.

          Which they have all violated on numerous occasions, to the detriment of the innocent bystanders caught up in their incompetence.

          I'm sick of the attitude that ORBS owes you something when your mail server is an open relay.

          And what if it isn't? There have been numerous cases where the various blacklists have included servers

          • completely in error
          • because they shared the first n sections of their IP address with another box that was open
          • long after they've fixed whatever problem there was.

          I don't like open relays and spam magnets any more than you do, but I know how easy they are to overlook, and it will happen, even to generally competent people. It is in everyone's best interests to have a quiet word with the sysadmin at an open site first, because 90% of the time, that will solve the problem.

          On the other hand, what we now have is a vigilante culture where totally unaccountable people can wipe out your company (quite literally, if you depend heavily on e-mail) on a whim, and there isn't jack you can do about it. As far as I'm concerned, if these people are blocking you inappropriately, they should be liable in the same way as anyone else who damaged your business by making a false claim, and you should be able to sue them to the other side of the galaxy.

          It's like being ticketed for driving your car down the wrong side of the road at 90 miles per hour and then being pissed off that the cop did not provide you with free driving lessons and give you 10-15 days to stop driving like that.

          No, it's not even slightly like that. Having an open relay is inconvenient but not immediately dangerous. Having an open relay is not illegal. You are not required to pass a test before running a mail server. The internet is not governed by generally well-reasoned laws. A generally competent driver will not accidentally find themselves driving at 90mph on the wrong side of the road because they just bought a new car. All in all, the two cases aren't even remotely the same.

          I think that ORBS should charge a processing fee for "expedited removal" from their database and, otherwise, just remove systems once a week.

          Do you also think that the media should be able to run business-destroying stories based on complete misinformation, and then charge extra to print an apology in the next edition (even though most of the damage is already done and they don't have to pay anything for doing it)?

      • 1. These lists should inform you that you have been added

        If you were added to a list without any knowledge that you had a spam problem, you are not qualified to run a mail server. If you were in any danger of being blacklisted, your postmaster@ account must have received hundreds of spam complaints. If you just ignored them, what did you expect to happen?

        2. They should leave you 10-15 days to fix the problem before blocking you

        Why, so spammers can abuse your servers for 10-15 more days? It was eating up YOUR bandwidth too, you know..

        3. They should help you. I was *very* shocked by ORBS attitude "we block you, and we don't care if you cannot correct it"

        ORBS WAS the exception, not the rule. ORBS is gone now btw, but they weren't known for their user-friendliness or their accessibility. Nevertheless, it's YOUR responsibility to fix your server, not theirs.

        Example : Accept any IP address for relay except ORBS, you won't be blocked but you're an open relay ;-)

        You didn't come up with this idea you know.. it's been done before. What did we call the people who did that? Oh right, spammers.
  • by Dick Click (166230) on Friday February 15, 2002 @07:04PM (#3015694)
    When I used to manage a mail server, I was asked to filter based on orbs. Not only did this in no significant way limit the amount of spam entering the system, it became a huge administrative headache. Eventually, we stopped using the lists. I am sure there are likely better lists, but I simply prefer creating my own list, based on investigation into what's coming in.
    • by diamondc (241058) <gabrielfm@@@yahoo...com> on Friday February 15, 2002 @07:15PM (#3015763) Homepage
      We use ordb and orbz here at work. Over a day or so it rejected about 500 emails.

      Then we blocked all mail from mail servers whose IP numbers don't resolve. Now we have cut down on spam dramatically.. our root@ email account has gone from 200 spam emails a day to about 10
    • by shadie (261393) <shadie@[ ].nl ['dds' in gap]> on Friday February 15, 2002 @10:46PM (#3016487) Homepage
      We (dds, a dutch isp) had a spam problem, and being a free email provider for such a long time did contribute to that. When we went out to solve this problem we did it in three steps:

      - Implement RBL+ on our mailservers (got the load down a bit though)

      - Created a global "spam filter" (weight system a la junkfilter) which was opt-in for our users..

      - We installed procmail, gave each user its own .procmailrc and made a web interface to create procmail recipes in an "outlook" style.

      This recipe maker could then be accessed by each user on their own user pages, or they could just make recipes through their shell access

      Our end users didn't really notice much about our use of RBL. And most of them don't know what rbl is anyway.

      But giving them the possibility of filtering email on the serverside _themselves_ did make a difference! It gave them a feeling we are fighting spam, and that THEY are also in control !

      And last but not least... Giving your users info on how to _avoid_ spam is important! We did this by writing clear faqs on avoiding spam, and pointing each new user to these faqs

      (b.t.w... this was my first post on /. , lurking time is over i guess :-)
  • by Speare (84249) on Friday February 15, 2002 @07:04PM (#3015697) Homepage Journal

    Hormel Foods has stated they don't mind the use of the word 'spam' to refer to U.C.E., or junk mail, as long as people don't use the term spelled in all-capitals. Hormel owns the trademark on the meat product, SPAM. Given their more-reasonable-than-average position on this, let's respect their request?

    • Big Deal. Did you know McDonald's owns a trademark on the phrase "Smile"? (Yeah that's right. It used to be on their cups when they were running some "Smile, you're at McDonald's" campaign or something.) Kimberly-Clark owns the trademark on Kleenex, do you think the cops come after me whenever I call my no-name tissue "Kleenex"? The point is, just because they own a trademark doesn't mean you can't use the word in whatever context you like, it means that you can't sell products under that same mark in the same field, or otherwise portray your products as belonging to that mark when they don't.

      • the poster was just asking for common courtesy towards Hormel.
        sheeesh, Hormel could have gotten all uppity about it, sent its lawyer out. We all know that cease and desist letters work. If you get a cease and desist letter, and don't, you end up in court. Do you have enough money to fight this in court?

        Now if I could only get one of those flaming SPAM hats.
  • by tkrotchko (124118) on Friday February 15, 2002 @07:05PM (#3015703) Homepage
    I like the idea of something like MAPS-RBL, but I think many of them are bad hacks put together by guys who take the spam thing as a holy crusade. I don't really have a problem with that, it's a free country, you do what you want.

    However I fault ISPs for using them without understanding their policies. Many ISPs use these small-time black-holes because they don't want to use MAPRBL (I assume it's a money thing at this point). And if you get listed, how do you know that you're listed? You don't until somebody calls somebody and says "I can't get mail through to you". There needs to be a better way.

    And some sites, it's not worth getting delisted. "www.joes.antispam.site.com" isn't worth the effort one way or the other.

    • by devphil (51341) on Friday February 15, 2002 @07:14PM (#3015751) Homepage


      Yep, that's the root of the problem: there are a number of for-free blacklists out there which are professionally managed. Those are the ones that should be used.

      And as long as we publicly point out the blacklists that are being poorly run, people will stop using them, and switch to the good ones (like RBL, RSS, DUL, ORDB). The solution is not to ban or otherwise stop using blacklists, the solution is simply to (vocally) promote the ones which stay on top of the problem.

      • Gee, devphil, you say:
        The solution is not to ban or otherwise stop using blacklists, the solution is simply to (vocally) promote the ones which stay on top of the problem.

        But your .sig says:
        You cannot apply a technological solution to a sociological problem. (Edwards' Law)

        Using SPAM blacklists is trying to apply a technological solution to a sociological problem, which your .sig proclaims won't work*. Either change your .sig or rethink your actions.

        * And it doesn't: we still have SPAM despite the blacklists.

    • by crucini (98210) on Friday February 15, 2002 @09:12PM (#3016223)
      Many ISPs use these small-time black-holes because they don't want to use MAPRBL (I assume it's a money thing at this point).

      I don't think it's only a money thing. MAPS is almost useless - they don't list spammers until they've tried to "educate" them. I've noticed that servers sending me spam are never on MAPS. But the fact that they're charging doesn't help.
      And if you get listed, how do you know that you're listed? You don't until somebody calls somebody and says "I can't get mail through to you". There needs to be a better way.

      You generally know that you're listed because some of your outbound mail bounces with a message explaining that you are listed and giving a URL for further info. Are you saying that you've had outbound mail bounced due to a spam list and there was no indication of the reason? I realize this is theoretically possible, but I don't understand why someone would set up a mail server that way.
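An added example (not part of the original thread) of checking whether your own mail server's address is on a DNS-based list before a bounce tells you: reverse the address labels, append the list's zone, and look the name up. The zone names and the stand-in resolver are constructed for illustration; treating only 127.0.0.0/8 answers as a listing is the usual DNSBL convention.

```python
import ipaddress
import socket

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
# Resolver error codes that mean "no such name", i.e. the address is not listed.
NOT_FOUND = {socket.EAI_NONAME, getattr(socket, "EAI_NODATA", socket.EAI_NONAME)}


def dnsbl_name(ip, zone):
    """Build the query name: the address's labels reversed, then the list zone."""
    pointer = ipaddress.ip_address(ip).reverse_pointer  # e.g. 10.2.0.192.in-addr.arpa
    return pointer.rsplit(".", 2)[0] + "." + zone        # drop in-addr.arpa / ip6.arpa


def check_listing(ip, zone, resolve=socket.gethostbyname):
    """Return 'listed', 'not listed', 'invalid answer' or 'lookup failed'."""
    try:
        answer = ipaddress.ip_address(resolve(dnsbl_name(ip, zone)))
    except socket.gaierror as exc:
        # Only a definite "no such name" counts as clean; a timeout proves nothing.
        return "not listed" if exc.errno in NOT_FOUND else "lookup failed"
    # A list that answers outside 127.0.0.0/8 (parked or wildcarded zone) is
    # broken, not authoritative: do not treat that as a listing.
    return "listed" if answer in LOOPBACK else "invalid answer"


def check_all(ip, zones, resolve=socket.gethostbyname):
    """Check one address against several lists; returns {zone: status}."""
    return {zone: check_listing(ip, zone, resolve) for zone in zones}


def make_fake_resolver(records, unreachable=()):
    """Constructed stand-in for DNS so the example runs offline."""
    def resolve(name):
        if any(name.endswith("." + zone) for zone in unreachable):
            raise socket.gaierror(socket.EAI_AGAIN, "temporary failure")
        if name in records:
            return records[name]
        raise socket.gaierror(socket.EAI_NONAME, "name not known")
    return resolve


# Constructed sample data: 192.0.2.10 is our (documentation-range) mail server.
SAMPLE_RECORDS = {
    "10.2.0.192.relays.dnsbl.example": "127.0.0.2",     # a real listing
    "10.2.0.192.parked.dnsbl.example": "203.0.113.80",  # dead list, wildcard answer
}
SAMPLE_ZONES = ["relays.dnsbl.example", "clean.dnsbl.example",
                "parked.dnsbl.example", "down.dnsbl.example"]


def demo():
    fake = make_fake_resolver(SAMPLE_RECORDS, unreachable=["down.dnsbl.example"])
    return check_all("192.0.2.10", SAMPLE_ZONES, fake)


if __name__ == "__main__":
    for zone, status in demo().items():
        print(f"{zone:25} {status}")
```

Run from cron against the lists your correspondents use, with the default resolver, this reports a listing without waiting for a customer to call.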
  • by jACL (75401)
    In this day and age, there's nothing stopping blacklist coordinators from automating the rehabilitation process: Select your host and click 'Check me now!' Passing verification removes one's host from the list.
  • No. Deal with it. (Score:2, Interesting)

    by Tackhead (54550)
    No, they're not unreasonable.

    You wanna live in a crack house? Don't go whining to the cops when you can't get a pizza delivered at midnight.

    You wanna get bandwidth with a company that provides services to spammers and relocates spammers to IP addresses to avoid blocking of single IP addresses, don't come whining to /. when the rest of the world wants nothing to do with your ISP.

    If someone spams me, I block the IP address. If the ISP relocates the spammer to another IP address in the same netspace, I say "fuck it", and block the /24. Or the /16, if need be.

    Don't like living in a crack house? Move.

    • What if it used to be a crack house, but the neighborhood cleaned up and was safe?

      • by Tackhead (54550) on Friday February 15, 2002 @07:34PM (#3015874)
        > What if it used to be a crack house, but the neighborhood cleaned up and was safe?

        A good point. That's why I'd buy SPEWS a beer.

        The system appears to be automated -- if the blocked host stops sending spam for a long enough period of time, SPEWS appears to unblock it.

        If, on the other hand, the spam continues to issue from the blocked host, SPEWS appears not to unblock it.

        From what I've read in news.admin.net-abuse.email, the length of time for which a provider remains in SPEWS appears to be proportional to the length of time the provider ignored abuse complaints.

        Contrast this with a privately-run blocklist (e.g. my "fsck it, block the /24".) I can't be bothered to check if the /24 has cleaned up. There are IP address ranges all the way back to the days of Cyberpromo that I haven't been bothered to unblock.

        The advantage of SPEWS and its ilk is that 1000 systems can be unblocked. The problem with the blocklist on my own system is that I can rarely be bothered to unblock it.

        (In crackhouse terms, SPEWS reads police blotters, and if it stops seeing crime in a certain area, allows pizza delivery. I'm the crusty old Italian guy who says "No, you can't deliver to 48th street, it's a war zone, at least, it was the last time I tried to deliver a pie there sometime in 1996!")
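An added example (not from the thread, and not SPEWS's actual algorithm) of a private blocklist that cleans up after itself: an entry expires after a quiet period that grows with how long the spam lasted, and a /24 is blocked only while several hosts in it are active. The thresholds and class name are assumptions chosen for illustration; IPv4 only.

```python
import ipaddress
from collections import defaultdict
from dataclasses import dataclass

DAY = 86400
MIN_QUIET = 7 * DAY     # assumed: shortest quiet period before an entry expires
PENALTY_FACTOR = 2      # assumed: stay listed twice as long as the abuse lasted
ESCALATE_AT = 3         # assumed: active hosts in one /24 before blocking the /24


@dataclass
class Entry:
    first_seen: float   # first spam seen from this host (epoch seconds)
    last_seen: float    # most recent spam seen from this host


class ExpiringBlocklist:
    def __init__(self):
        self.hosts = {}  # IPv4Address -> Entry

    @staticmethod
    def _active(entry, now):
        """An entry stays active until it has been quiet for long enough."""
        abuse_span = entry.last_seen - entry.first_seen
        return now - entry.last_seen < max(MIN_QUIET, PENALTY_FACTOR * abuse_span)

    def report_spam(self, ip, now):
        """Record one spam message received from ip at time now."""
        addr = ipaddress.IPv4Address(ip)
        entry = self.hosts.get(addr)
        if entry is None or not self._active(entry, now):
            self.hosts[addr] = Entry(now, now)   # new or already expired: start over
        else:
            entry.last_seen = now

    def blocked_networks(self, now):
        """Purge expired entries, then return the networks currently blocked."""
        self.hosts = {a: e for a, e in self.hosts.items() if self._active(e, now)}
        by_net = defaultdict(list)
        for addr in self.hosts:
            by_net[ipaddress.ip_network(f"{addr}/24", strict=False)].append(addr)
        blocked = []
        for net, addrs in by_net.items():
            if len(addrs) >= ESCALATE_AT:
                blocked.append(net)              # several bad hosts: block the /24
            else:
                blocked.extend(ipaddress.ip_network(f"{a}/32") for a in addrs)
        return blocked

    def is_blocked(self, ip, now):
        addr = ipaddress.IPv4Address(ip)
        return any(addr in net for net in self.blocked_networks(now))


if __name__ == "__main__":
    # Constructed timeline: three hosts in one /24 send spam on day 0 only.
    bl = ExpiringBlocklist()
    for host in ("198.51.100.1", "198.51.100.2", "198.51.100.3"):
        bl.report_spam(host, now=0)
    for day in (1, 8):
        print(f"day {day}: neighbour 198.51.100.200 blocked =",
              bl.is_blocked("198.51.100.200", now=day * DAY))
```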

    • by Anonymous Coward on Friday February 15, 2002 @07:18PM (#3015778)
      Crack house? A bit harsh considering the guy simply had an open relay which he then fixed.

      You really think this is a valid analogy? Go spend a night in one, then go back to our cushy world of sysadmin stuff.

      Didn't think so.

      I'm betting he was asked to install a server - prolly a turnkey type - did so, and watched it chug along for a good long time before someone found out it was open and started using it.

      More like finding a crackhead in your garage, eh?

      Gee, ya think maybe he missed the giant neon sticker that came with the mailserver manual that said "your box is an open relay by default. fix that. tag - you're it!" Oh, right - that's because there is no such sticker.

      If they maintain the lists, they should *maintain* them, not just treat them like a brick wall and simply pile up the addresses and leave it at that. My experience with orbz is that they don't pay attention to the people in the middle - I've been there.

      Just takes a little bit of hard work, and this guy's apparently willing to do his part.

      Lighten up and tackle the appropriate problem.

      --Jake
      • > If they maintain the lists, they should *maintain* them, not just treat them like a brick wall and simply pile up the addresses and leave it at that.

        *nodding* - I'd never recommend anyone other than "me" use my blacklist. (And that's why I don't publish it :)

        I'm too lazy to take entries out on a day-by-day basis. I believe public blacklists (in general) are a Good Thing, on the grounds that they're easier (for the admin) to use than private blacklists, easier (for the admin) to maintain, and easier (for legitimate customers if and when the ISP cleans up its act) to get out of.

    • Try actually reading the question. The complaint is not about blacklists in general, but rather about poorly administered blacklists.
      • Try actually having to deal with spammers. They lie and threaten to sue often if I complain.

        If you do the crime, be prepared to do time on the blacklist. Ignorance of spam administration is no excuse.
    • by xee (128376)
      Your logic is... fuzzy.

      First of all, your crack-house metaphor is absurd. Secondly, your "if you don't like it, move" mentality is so amazingly worthless, I'm surprised I'm even taking the time to point it out.

      If you don't like it, try to make it better.
      • by Tackhead (54550)
        > First of all, your crack-house metaphor is absurd. Secondly, your "if you don't like it, move" mentality is so amazingly worthless, I'm surprised I'm even taking the time to point it out.
        >
        > If you don't like it, try to make it better.

        Moderators - give that guy back a point.

        I really should have written "If you don't like it, ask your landlord to evict the dealers. Then think about moving."

        Or "If you don't like being listed in SPEWS, and you're not a spammer, ask your ISP to boot the spammers. You, as a customer of the listed ISP, have a hell of a lot more pull with that ISP than the spam recipients do."

    • by FreeUser (11483)
      No, they're not unreasonable.

      [...]

      You wanna get bandwidth with a company that provides services to spammers and relocates spammers to IP addresses to avoid blocking of single IP addresses, don't come whining to /. when the rest of the world wants nothing to do with your ISP.


      Thank you.

      The only way you get blacklisted is if you (or your ISP) is stupid enough to run a promiscuous mail server that allows anyone to use it as a maildrop/forwarder. Fix the problem (either getting a new ISP, closing up your server, or hiring competent people to run your service) and you will be de-blacklisted.

      If you cannot be bothered to do any of these things you (and your company) don't deserve to be on the internet, and certainly don't deserve to have any contact whatsoever with me.

      Since all of these lists are voluntary, if I have chosen to shun you on the basis of one that is my choice. You do not have a right to be able to contact me if I don't wish to allow it, so get over it, learn from your mistakes, and don't make them again. If you can't be bothered to learn, then, well, enjoy being a component particle of the Black Hole.
    • by JordoCrouse (178999) on Friday February 15, 2002 @08:06PM (#3016021) Homepage Journal
      Don't like living in a crack house? Move.

      What about the people living next door to the crack house? Should they not be able to get a pizza as well? How about the good houses that get anonymously accused of being crack houses?

      The fact of the matter is, for every legitimate spammer on the list (even the well administrated ones), there is another placed there unfairly.

      In the three weeks preceding the much awaited dumping of ORBS, we started dropping mail from 4 different valid mailing lists and 1 valid business (it was a brick and mortar business - no web presence, just an e-mail server). One of the lists was LKML (and I have no idea why it was on the list), and the other three had the misfortune of being on the same web hosting service as a spammer.

      The brick and mortar was on the list because of an open relay (which was a good reason to be listed), however once it was closed, they were not allowed to be removed, though their level of e-mail is about 20 - 30 messages a day, and they have never sent a spam in their existence.

      The problem is that we are all living in close proximity here - legit businesses are only a few digits away from spammers (just like the real world). And the knee jerk reaction that most sysadmins take in dealing with the situation is similar in nature to burning half your mail daily because the postmark is similar to a known junk mailer. And burning is a reasonable analogy, because blocked emails don't get archived or analyzed, they get tossed, lock stock and barrel.

      It's so easy for a sysadmin to install a blacklist and never worry about it again (unless of course, *he* starts losing messages).

      The price for having a spam free existence is to constantly monitor and evaluate the system, not to light a match and walk away.

    • you must use BSD
    • Re:No. Deal with it. (Score:3, Informative)

      by McSpew (316871)

      So, I guess you've never wound up the victim of a poorly-administered blacklist, have you?

      My experience with open relays is virtually identical to that of the person who inspired this thread. My server was used as an open relay for part of a weekend.

      Near as I can tell, the first spam fired its way out of my server on Friday night around midnight. I closed off the relay on Sunday morning around 10:00 am. In that time, literally thousands of spams were sent, so I fully expected to be blacklisted and even warned my bosses and co-workers.

      What I didn't expect, however, was to still be trying to get myself off those blacklists SIX MONTHS LATER.

      I think blacklists can be a valuable tool for fighting spam, but only if they're sensible. Blacklists that permanently block without ever rechecking blocked IPs are irresponsible. They're adding to the difficulty of using the Internet, not improving it. They're also reducing their value to their subscribers because they're blocking IPs they shouldn't.

      In short, I agree with the post that called for an RFC. If there were some sort of standard for relay blacklists, it would be a damn sight easier getting off the lists once you've resolved the problem.

  • by 5.25" Floppy (79917) on Friday February 15, 2002 @07:07PM (#3015712)
    ... but dammit, they just don't seem to be getting my e-mail! I'm going to start having all my friends send them a few mails as well... *sigh*

  • by ackthpt (218170) on Friday February 15, 2002 @07:09PM (#3015721) Homepage Journal
    At one point in the not-too-distant past, our server was an open relay. I admit I'm a sinner for letting it happen, and I'm ready to do my penance.

    ...and the number of counting shall be three...

  • by Tyrall (191862) on Friday February 15, 2002 @07:09PM (#3015724) Homepage
    From the article: I could draw a bunch of analogies here, but isn't the bottom line that no one owns the internet e-mail system?
    This is a fallacy that continues to be propagated. I own my own mail server. The company I work for owns its mail servers. We can both decide who we want to allow to send mail to our users.

    At work, we use two open relay lists; ORDB [ordb.org] and ORBZ [orbz.org]. Nobody forces us to use them; it's our server cluster, and our choice.
    The reason we use those two systems, however, is due to the reasons pointed out in the article. Some blacklists are far too easy to get onto, or hosts are arbitrarily added by humans. The only way to get onto either of those lists is to be an open relay. The only way off is to be automatically retested and found to not be an open relay.

    • e-mail system not server.
      he is correct, nobody owns "the system".
  • by fishybell (516991) <(fishybell) (at) (hotmail.com)> on Friday February 15, 2002 @07:09PM (#3015725) Homepage Journal
    I've had my e-mail address at hotmail for many years, and until the last year or so haven't taken any precautionary measures to reduce my spam intake. As a result of this, that address receives hundreds of spam messages daily (thank god for filters).
    I've only noticed that spam is getting harder to filter because of the blacklists. No longer are they all coming from a dozen or so servers, but instead hundreds.

  • by Henry V .009 (518000) on Friday February 15, 2002 @07:11PM (#3015731) Journal
    Unfortunately you are on my personal spam blacklist. I will consider removing you in return for a fee that will be calculated based on the amount of my time you wasted by allowing yourself to be used as a tool of the spam distributors. And I want you to grovel too.

    P. S. And how come I never got those pics of Teen Sara27 XXX 18th birthday?

  • ORDB.org (Score:4, Informative)

    by paranoidia (472028) on Friday February 15, 2002 @07:12PM (#3015736)
    ordb.org [ordb.org] is a great site for this. They are very professional with both addition of servers, and subtraction of them. My mail server was an open relay for a time till I got an email from them saying that I was blacklisted. I quickly fixed the server, and submitted that my site be checked again, the next day I was taken off their lists, very easy. They run about 20 tests connecting to your server and sending e-mails for the most common way of sending spam. Also, they say in their FAQ that they reload their lists every hour to get servers off it quickly. Well done!
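An added example (not from the thread, and not ORDB's test suite) of the kind of relay self-test described above, for running against your own server before a list does it for you: it offers a few sender and recipient combinations that a closed server must refuse and reports which ones were accepted. The probe set, `LOCAL_DOMAIN` and the in-memory `FakeServer` are constructed for illustration; the probe function takes any object with the `ehlo`/`rset`/`mail`/`rcpt` methods of `smtplib.SMTP`.

```python
LOCAL_DOMAIN = "mail.example.com"   # constructed name of the server under test


def build_probes(local_domain):
    """(label, MAIL FROM, RCPT TO) triples a non-relaying server must refuse."""
    return [
        ("plain external-to-external", "probe@example.net", "probe@example.org"),
        ("forged local sender", f"postmaster@{local_domain}", "probe@example.org"),
        ("empty (bounce) sender", "", "probe@example.org"),
        ("percent-hack recipient", "probe@example.net",
         f"probe%example.org@{local_domain}"),
    ]


def probe_relay(smtp, local_domain):
    """Return the labels of probes whose RCPT TO was accepted.

    No DATA is ever sent, so nothing is delivered. An accepted RCPT is a
    warning sign to investigate, not proof: some servers accept the recipient
    and refuse or bounce later, which is its own problem (backscatter).
    """
    accepted = []
    smtp.ehlo()
    for label, sender, recipient in build_probes(local_domain):
        smtp.rset()                          # start a clean transaction
        code, _ = smtp.mail(sender)
        if code != 250:
            continue                         # sender refused: probe cannot relay
        code, _ = smtp.rcpt(recipient)
        if code in (250, 251):
            accepted.append(label)
    smtp.rset()
    return accepted


class FakeServer:
    """Constructed stand-in for smtplib.SMTP so the example runs offline."""

    def __init__(self, may_relay):
        self.may_relay = may_relay           # policy: (sender, recipient) -> bool
        self.sender = None

    def ehlo(self, name=""):
        return 250, b"ok"

    def rset(self):
        self.sender = None
        return 250, b"ok"

    def mail(self, sender):
        self.sender = sender
        return 250, b"ok"

    def rcpt(self, recipient):
        if self.may_relay(self.sender, recipient):
            return 250, b"ok"
        return 550, b"relaying denied"


def open_policy(sender, recipient):
    return True                              # relays for anyone


def trusts_sender_policy(sender, recipient):
    # Weak: believes the (forgeable) sender and looks only at the final domain.
    suffix = "@" + LOCAL_DOMAIN
    return sender.endswith(suffix) or recipient.endswith(suffix)


def closed_policy(sender, recipient):
    # Accepts only local recipients, with no routing characters in the local part.
    local_part, _, domain = recipient.rpartition("@")
    return domain == LOCAL_DOMAIN and not set(local_part) & set("%!@")


if __name__ == "__main__":
    for name, policy in [("open", open_policy), ("trusts sender", trusts_sender_policy),
                         ("closed", closed_policy)]:
        print(f"{name:14} accepted: {probe_relay(FakeServer(policy), LOCAL_DOMAIN)}")
    # Against your own server, from a host outside its network:
    #   import smtplib
    #   with smtplib.SMTP(LOCAL_DOMAIN, 25, timeout=10) as s:
    #       print(probe_relay(s, LOCAL_DOMAIN))
```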
  • Blacklist sites (Score:5, Interesting)

    by schon (31600) on Friday February 15, 2002 @07:12PM (#3015740)
    OK, you've fixed your mail relay(s)..

    This is a good thing - and what every blacklist's ultimate goal is.

    Speaking as a mail server admin, I'd be interested to know which lists are not removing you - so that I can make sure I'm not using them.

    Seriously - letting people know about this is the best way to get what you want. If your site is not a relay, any blacklist maintainer is doing their users a disservice by listing you.

    As a mail admin, I'd want to know.

    Alternatively, you could do the American thing and threaten a lawsuit - most blacklist operators are immune from libel charges because they're just listing people who operate open relays (truth is defense against libel) - if you're not an open relay, then you've got a good case for libel: they're deliberately publishing false information to hurt your business.
  • I work for an ISP. We were blacklisted because of internet users infected with microsoft email viruses.

    Some filters require the recipient to flag your email as spam, then when a certain threshold is hit you are blacklisted.

    Since only messages with title "Hahahaha" were being sent to a specific domain, we exceeded the threshold and became blacklisted.

    It would be nice to filter all of our email, but we do not have the resources, nor can we take the responsibility, to filter email content.

    shucks.
  • Umh, no... (Score:2, Interesting)

    by OneFix (18661)
    Blacklists are perfectly reasonable.

    1) You have to prove that you weren't doing the spamming. (this is good)

    2) You also have a "waiting period" to be removed from these lists. (this is also good)

    The fact that you let your server become an open relay (configuration error or not) is bad. Think of it as your "slap on the wrist" for allowing it to happen.

    Overall, this is a good thing. I bet you will make sure that your servers are secured properly from now on.
    • Also a GoodThing (Score:2, Interesting)

      by ackthpt (218170)
      Let it serve as a warning to admins who don't take this thing seriously, because of neglect or lack of support by supervisors.

      Back in the day, I tried to email a resume to a credit union and found my email bounced even getting to them, because their open relay had been abused. It no doubt made doing business very difficult for them.

      This of course is no real help to anyone who brings in a contractor to set things up and leaves the door open. Maybe worth wording into a contract that contractor is responsible for certain damages due to oversight. I know contractors are advised to carry insurance, I wonder how this example would play out.

    • But if the people who are quick to blacklist servers aren't at all in a hurry to de-blacklist servers which have 'learned the error of their ways', it creates a huge amount of resentment.

      Additionally, as someone else pointed out, those list maintainers are doing a disservice to those who use their blacklists, because the validity of the data is called into question. Yes, a.b.c.d WAS an open relay 6 months ago. It is not anymore, and hasn't been for over 5 months. To continue to list that IP as an open relay when it's not is simply wrong, and is anything BUT "perfectly reasonable".

      "Reason" would dictate that once a server is not an open relay it would be removed. The poster was complaining about lists they can't seem to get removed from.
    • 1) You have to prove that you weren't doing the spamming. (this is good)
      No, this is bad.
      The burden should be on them to prove your open relay was being used for SPAM.
  • by dietz (553239) on Friday February 15, 2002 @07:14PM (#3015752)
    I'd just like to give some props for SpamAssassin [sourceforge.net].

    If you haven't heard of it, it's an elegant system that assigns a weight to each email message based on hundreds of different tests, and if the email scores over 5 (configurable), it is marked as spam.

    One of the nice things about it is that it uses most of the email blacklists, but they're only worth ~2 points, so being in a blacklist alone isn't enough to kill a message. That's good for those blacklists that throw far too many people in that don't belong (osirusoft). It also uses razor, but that is only worth three points, so if someone is piping bugtraq to razor-report (that happened for a while) you won't lose all that email.

    There's a really interesting set of tests (it's fun to read them) each with an obscure set of points including:
    HTML with a non-white bgcolor (1.2)
    Claims conformance to obscure spam law (1.0)
    HTML mail with no text portion (3.33)
    Various spam phrases (various points depending on how many "hits" there are)
    Subject ends in an exclamation point (0.5)

    The points have apparently been calculated using some program to give the best accuracy.

    Anyway, SpamAssassin is the best of the spam removal programs I've seen. Give it a shot!
    • by stu72 (96650)
      I ran a simple procmail filter for a while, and I was astounded how much spam I could nuke by filtering based on subject line punctuation. Some of my triggers:

      more than 2 exclamation marks
      more than 2 dollar signs
      All caps

      etc etc.

      Worked pretty well, for its simplicity.
      • by Da Schmiz (300867)
        Yeah, a friend of mine was using a similar system, and it worked quite well for him. That is, until the day his boss sent him a message with the subject line "URGENT!!! THIS IS VERY IMPORTANT!!!" or something like that. He never saw the message.

        So, the boss realizes that perhaps my friend didn't get the message, and so the boss forwards the message to him, with a note attached, so now it reads "FW: URGENT!!! THIS IS VERY IMPORTANT!!!"

        This happens two or three times before he finally figured out what was going on.

        Moral of the story: quarantine spam, but don't automagically send it to a black hole. Only the addressee can truly differentiate legitimate mail from spam.

    • I personally like SpamCop.Net [spamcop.net]. It has a dynamic black list based on ip. If people report spam from a specific ip address, it will (after a certain threshold) get added to the black list. Once the spam stops being reported, the ip address becomes open again.
    • I started running SpamAssassin a few weeks ago and it works wonderfully. I've got it set up on my box so that users can choose to use it or not by some simple procmail configuration.

      The way I use it is have all spam messages get dumped to a common directory. This way I can verify that I didn't lose something important. In the 169 messages it filtered out during my last cleaning, 3 (all from mailing lists I'm on) were filtered improperly, and none of them were that important.

      The beauty of this approach is that I can deal with wiping the spam out all at once and not have to be digging through my mail box wondering from subject lines if something is worth reading or if it's spam. I'll just do a "grep Subject: * | less" in the directory I use for storing the filtered messages and check for any mistakes. I add the mistakes into my procmail filter and voila, I get maybe half a dozen spams a week now.
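The weighted scoring described at the top of this subthread, with flagged mail quarantined rather than deleted as the replies recommend, can be sketched as follows. This is an added example, not SpamAssassin's code and not part of any comment: the point values are the ones quoted in the thread, while the rule names, the matching logic and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string

THRESHOLD = 5.0  # a message scoring over 5 is marked (configurable, per the thread)

# Point values quoted in the thread; rule names are hypothetical labels.
POINTS = {
    "HTML_NONWHITE_BGCOLOR": 1.2,
    "HTML_NO_TEXT_PART": 3.33,
    "SUBJECT_ENDS_EXCLAIM": 0.5,
    "DNSBL_LISTED": 2.0,   # "~2 points" for a blacklist hit
    "RAZOR_LISTED": 3.0,   # "three points" for a razor hit
}

WHITE = {"#ffffff", "ffffff", "#fff", "white"}
BGCOLOR = re.compile(r'bgcolor\s*=\s*["\']?(#?\w+)', re.I)


def _body(part):
    """Decoded text of one MIME leaf part."""
    data = part.get_payload(decode=True) or b""
    return data.decode(part.get_content_charset() or "ascii", "replace")


def score_message(raw, dnsbl_listed=False, razor_listed=False):
    """Return (score, rule_hits). The two *_listed flags stand in for
    external lookups so the example runs offline."""
    msg = message_from_string(raw)
    leaves = [p for p in msg.walk() if not p.is_multipart()]
    html = [_body(p) for p in leaves if p.get_content_type() == "text/html"]
    has_text = any(p.get_content_type() == "text/plain" for p in leaves)

    hits = []
    if any(m.group(1).lower() not in WHITE
           for h in html for m in BGCOLOR.finditer(h)):
        hits.append("HTML_NONWHITE_BGCOLOR")
    if html and not has_text:
        hits.append("HTML_NO_TEXT_PART")
    if (msg.get("Subject") or "").rstrip().endswith("!"):
        hits.append("SUBJECT_ENDS_EXCLAIM")
    if dnsbl_listed:
        hits.append("DNSBL_LISTED")
    if razor_listed:
        hits.append("RAZOR_LISTED")
    return round(sum(POINTS[h] for h in hits), 2), hits


def disposition(raw, **external):
    """Quarantine (never drop) anything over the threshold."""
    score, hits = score_message(raw, **external)
    return ("quarantine" if score > THRESHOLD else "deliver"), score, hits


# Constructed sample messages (not real mail).
SAMPLE_TRANSACTION = (
    "From: ops@example.com\nTo: client@example.net\n"
    "Subject: Confirmation of transaction 1234\n"
    "Content-Type: text/plain\n\nYour transfer has settled.\n")
SAMPLE_BOSS = (
    "From: boss@example.com\nTo: me@example.com\n"
    "Subject: URGENT!!! THIS IS VERY IMPORTANT!!!\n"
    "Content-Type: text/plain\n\nCall me.\n")
SAMPLE_SPAM = (
    "From: deals@example.org\nTo: me@example.com\n"
    "Subject: Make money fast!\n"
    "Content-Type: text/html\n\n"
    '<html><body bgcolor="#FFFF00"><b>Act now</b></body></html>\n')

if __name__ == "__main__":
    print(disposition(SAMPLE_TRANSACTION, dnsbl_listed=True))
    print(disposition(SAMPLE_BOSS))
    print(disposition(SAMPLE_SPAM, dnsbl_listed=True))
```

A legitimate confirmation sent through a blacklisted relay scores only the blacklist points and is delivered, while the same listing pushes an already suspicious HTML-only message over the threshold.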
  • Yes and no (Score:2, Insightful)

    by Grax (529699)
    Being added to a blacklist without being informed of it is wrong. I was added to a blacklist due to an oversight in my mail config. We were not generally an open relay but in specific instances we were.

    Any time that happens an email should be sent to postmaster@(reverse dns of mail server IP address) to inform them of the action being taken and the specifics of their openness. Just "you are running an open relay" is insufficient.

    Also the ability to quickly remove the address from the blacklist when the other mail admin repairs the problem is important.

    I don't particularly like blacklists but something must be done to discourage open relays and for now they are the only option.
  • Wouldn't it just be a lot simpler if the mail servers, when they receive a connection from an smtp server to deliver mail, make another connection back to the smtp server on port 25. If the connection can be made, then it means that it's an open port, and therefore the mail is rejected? Wouldn't this be a sort of "dynamic blacklist"? That way, mail from an open port is never accepted.
    • Wouldn't it just be a lot simpler if the mail servers, when they receive a connection from an smtp server to deliver mail, make another connection back to the smtp server on port 25. If the connection can be made, then it means that it's an open port, and therefore the mail is rejected?
      It means that the port is open (you can't have smtp server with smtp port closed), but it doesn't mean that it's an open relay. You'd have to make an smtp transaction.
      • Re:Easier solution (Score:3, Interesting)

        by Phork (74706)
        You very much can have an smtp server that does not listen on a tcp port, but it can only be used for outgoing mail. Many people use this configuration with sendmail so they can send mail directly from their workstation, but receive mail on another system. Sendmail is just invoked from the command line, so it doesn't need to listen on a tcp port.
  • When you set up a mail server, never EVER write:
    host_accept_relay = localhost:192.168.1.0/2
    when what you want is
    host_accept_relay = localhost:192.168.1.0/30
    It took me ten long hours to figure out that I allowed 1/4 of the whole Earth to use my relay, when I wanted 4 computers on a private network. And it was probably the worst 1/4 of the Earth, every C-class network... It was a long day which I will never forget. In those ten hours I read more about smtp than ever before... So remember kids, don't do this at home!
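A pre-deployment check that would have caught the /2 versus /30 slip above, as an added example that is not part of the original comment. It parses the colon-separated relay list in the form shown there (IPv4 literals and `localhost` only); the function names and the 1024-address limit are assumptions made for this sketch.

```python
import ipaddress

# Ranges a relay allow-list is normally expected to stay inside
# (loopback plus the RFC 1918 private blocks).
INTERNAL = [ipaddress.ip_network(n) for n in
            ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# The two settings quoted in the comment.
MISTYPED = "localhost:192.168.1.0/2"
INTENDED = "localhost:192.168.1.0/30"


def parse_relay_list(value):
    """Split a colon-separated host list into (as_written, IPv4Interface)."""
    entries = []
    for item in value.split(":"):
        item = item.strip()
        if not item:
            continue
        literal = "127.0.0.1/32" if item == "localhost" else item
        entries.append((item, ipaddress.ip_interface(literal)))
    return entries


def audit_relay_list(value, max_addresses=1024):
    """Report what each entry really covers and why it looks wrong."""
    report = []
    for written, iface in parse_relay_list(value):
        net = iface.network  # the range the prefix length actually selects
        problems = []
        if iface.ip != net.network_address:
            problems.append("host bits set: the mask selects %s" % net)
        if not any(net.subnet_of(block) for block in INTERNAL):
            problems.append("extends beyond private/loopback space")
        if net.num_addresses > max_addresses:
            problems.append("covers %d addresses (%.2f%% of IPv4)"
                            % (net.num_addresses,
                               100.0 * net.num_addresses / 2 ** 32))
        report.append({"entry": written, "network": str(net),
                       "addresses": net.num_addresses, "problems": problems})
    return report


def may_relay(value, client_ip):
    """True if client_ip falls inside any listed range."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in iface.network for _, iface in parse_relay_list(value))


if __name__ == "__main__":
    for setting in (MISTYPED, INTENDED):
        print(setting)
        for row in audit_relay_list(setting):
            print("  ", row)
    # 203.0.113.7 is a documentation address standing in for an outside host.
    print(may_relay(MISTYPED, "203.0.113.7"), may_relay(INTENDED, "203.0.113.7"))
```

With the /2 mask the entry resolves to 192.0.0.0/2, which is 2^30 addresses, so any client whose first octet is 192 or higher is treated as a permitted relay host.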
  • by alansz (142137) on Friday February 15, 2002 @07:18PM (#3015776) Homepage
    DNS-based blacklists are not your problem. There are no more than a dozen that are really widely used (some orbs spinoffs like http://www.ordb.org and http://www.orbz.org, the MAPS ones if you're willing to pay (or can get a hobby contract) at http://www.mail-abuse.org, and the collection at http://relays.osirusoft.com that includes open relays, spamhaus, and SPEWS). All of these systems have clearly-published listing policies and are actively maintained and if you're blocked by one of them, you'll likely get out sooner or later once you're clean. (In some cases, you can have them automatically retest you). Plenty of mail admins find that using the information on these sites to protect their mail servers from spam is highly effective.

    Your problem is twofold. First, while you've cleaned up your open relay, plenty of spammers and spam-friendly hosts make the same claim and lie (Rule #1: Spammers lie). So you may have to be patient.

    More importantly, your server ip may now be sitting in hundreds of private blacklists of mail servers whose admins don't like to use the centralized lists, and just reject/blackhole spammers on their own. It is the presence of well-trusted centralized blacklist services that gives you even the hope of ever having decent communication, because without them, you'd get into a thousand tiny blacklists and never get out.

    (P.S. Note that if you're checking your status using the rblcheck tool at http://relays.osirusoft.com, it will tell you about a lot of blacklists that are not intended to be publicly used and not part of the usual osirusoft dnsbl, as well...)

  • by jumpingfred (244629) on Friday February 15, 2002 @07:19PM (#3015783)
    The real question is did you only close down the open relay because of the black list? If that is the case then the black list did the job.
    • But if you're not taken off the list afterwards, then there's no reason not to run an open relay - you're already screwed - and so is everyone else who may be saddled with your IP address at a later date. Part one is fixing the problem - part two is revoking the punishment.
  • RBL can be useful... (Score:3, Interesting)

    by dtdns (559328) on Friday February 15, 2002 @07:20PM (#3015790) Homepage

    I agree that some BL's are not properly managed. The old ORBS system was a perfect example of this. They would add you if you were an open relay, but getting OUT of the database was pretty much impossible if the guy that ran it didn't like you or your attitude toward his "service".

    One of my mail servers ended up on ORBZ as well as ORDB because I had made a mistake in the configuration, and I corrected it and was promptly removed after submitting a re-test request.

    I now employ the use of RBL on my own servers, but I will only use those services which will remove "fixed" servers using an automated testing system that works properly. ORDB, ORBZ and Osirusoft's RBL's tend to be the best AFAIK. I have found that by using these systems, the level of SPAM that my users and I receive has dropped to a point where it's not entirely annoying or time-consuming to deal with it anymore.

    One RBL that I stay away from using is the one operated by SpamCop (bl.spamcop.com). It's a great idea, but it ends up blocking out too much "real" e-mail as well, esp from the larger ISP's like Comcast, etc.

  • by Thagg (9904) <thadbeier@gmail.com> on Friday February 15, 2002 @07:21PM (#3015797) Journal
    rlsnyder asks Has SPAM really decreased universally thanks to these lists? Well, it is hard to say. Spam has increased monotonically since its inception, and it continues to grow. It is possible that blacklists have helped lower the rate of growth.

    What blacklists really do is get the attention of sysadmins, and get them to take the problem seriously. I, like rlsnyder, was victimized in the same way -- our mail server was an open relay, we forwarded some spam, and got blacklisted. It took me a week or so to get it straightened out, and in the process I learned quite a bit about the UCE problem. rlsnyder similarly has been enriched by the experience, whether he agrees to that at this point or not.

    One always has the option of sending mail from one of the many free mail systems. If your mail is blocked while your case is being reviewed, then send it from hotmail or someplace like that. That's what we did. It took about a week for the last of the spam reporting services to delist our site, and while it was inconvenient, it wasn't devastating. It won't be for rlsnyder, either, I trust.

    The big problem is that there is nothing to stop the spammers. People who relay mail through unsuspecting companies are already criminals, they will not be dissuaded by laws. The only thing that the anti-spam community can do is to try to put a finger in all 2^32 holes in the dike, and the only way to do that is to educate people. The blacklists are that education program.

    thad

  • I recently discovered that any e-mail I sent with the return address listed here (and elsewhere on the web) will not get through to AOL. There's no notice of this of course, so I just never got responses from people on AOL. This had nothing to do with my mail server (I tested this with multiple mail servers and return addresses), it was completely based on the Reply-To header - changing the reply to address fixed the problem. Based on my experience, I see two main problems with blacklists:

    Without notice that your message was rejected, it seems like the message is getting through, but the recipient is unwilling or unable to respond. This is a real pain with eBay, especially with Paypal payments (the sellers apparently never noticed that money had magically appeared in their accounts unless they received an e-mail notice).

    Basing the filter on the Reply-To header is rather stupid, because it can easily be changed or forged. Spammers can simply spam under your address until it gets blacklisted, then move on to another, leaving you screwed. Sure it is simple to just change your return address, but how do you know that you have to if nobody tells you that you're blacklisted?
  • From what I see, the person is in the SPEWS DNS blocklist, an advisory list. However, it looks like he gets productivity from a known spam services provider (such as Global Crossing, Verio, Sprint, and Exodus to name a few).

    The person needs to contact their ISP with a lawyer on hand and give them a deadline -- if they don't remove their spammers, the person's company will sue for breach of contract and reclaim the cost of moving to a clean provider.
  • That is, what if there was a trusted entity that ranked blacklists based on their accuracy? No one would use a list that was 50% accurate when there was another that was 95% accurate.

    Blacklist maintainers would naturally want to be at the top, and this would foster competition and generate better more accurate lists.

  • Trust, but Verify (Score:2, Interesting)

    by eaolson (153849)

    After lurking on news.admin.net-abuse.email for a while, I've seen a lot of mail admins post asking to have their servers un-blacklisted because they've "cleaned up their act" only to have it pointed out to them that they are still hosting spammers.

    Perhaps you could tell us where you have been blacklisted and what IPs are listed so we can see for ourselves the veracity of your statement?

  • by ellem (147712) <ellem52@gmai[ ]om ['l.c' in gap]> on Friday February 15, 2002 @07:35PM (#3015885) Homepage Journal
    A little while ago a site I worked at was blacklisted.

    We fixed the problem that day and when we contacted the SPAM COP he wrote back to say, basically:

    All Lotus Notes Mail Servers are insecure so we're leaving you on the list. Get another mail server.

    I made a change in the Notes.INI file that made it look like I was using SendMail. And he fixed us.

    Ridiculous policy. Notes is pretty secure anyway! I wonder what this guy read...
  • by not_anne (203907) on Friday February 15, 2002 @07:37PM (#3015892)
    My employer's corporate office email system is an open relay, so that outlying offices (like ours) can send email, and so the company can track what we're doing.

    Recently, spammers have discovered our open system and have been relaying at a furious rate (read: thousands of emails a day.) This caused *our* email to get reflected back to us most of the time, and it also got my employer's domain on several spammer blacklists. This is such a problem, that the corporate office recently switched ISPs over it.

    Now, with the new ISP, the IT guys have "cracked down on security" by banning relaying...for 1/2 the day. In the mornings we can send all the email we want (and so can the spammers), but after we all get back from lunch, no more email can be sent out. My employer is baffled why we can't get off of the blacklists, even after the move to the new ISP. I just laugh and goof off for the rest of the afternoon.

    I'm all for an appeals process of some sort in order to get off of spam blacklists, but some companies do deserve to stay there, as long as their habits and policies don't radically change.

    not_anne
    • by Anonymous Coward
      Seriously. They need to be canned. NOW.

      My employer's corporate office email system is an open relay, so that outlying offices (like ours) can send email, and so the company can track what we're doing.

      Your employer's corporate office needs to employ a VPN.

      My employer is baffled why we can't get off of the blacklists, even after the move to the new ISP.

      Tell him it's because the IT guys are incompetent. Point him to this message if he thinks it's just you. You NEVER need an open relay. Tell him that you need VPNs between sites - that with the email flying around unencrypted, that anyone can view all of your internal memos as they fly between sites.
    • Ok.......

      You *do* realise that mail servers can be configured to only accept relays from certain domains? eg from "outlying-branch-isp.com"?
      And your new ISP is "cracking down" by letting it go half the day only? Hmmm .. I take it you get charged by the MB by your new ISP?

      I know, it's fun to goof off, but you're doing the rest of the internet a disservice. For chrissakes, get somebody to post your system specs here on slashdot and somebody will post the steps required to walk you through setting it up .... even *I'll* have a go, if it stops the spam just a little bit.

      If someone at your outlying branch isp subnet(s) discovers your mail relay after that, well it should be a simple matter for you to get them booted.

      Oh, don't post any identifying details about your company, unless you want them to experience THE AWESOME POWER OF THE SLASHDOT EFFECT *evil grin*

      Heh , I like the sound of that ...
      "NOBODY EXPECTS THE SLASHDOT EFFECT!"
      Kind of python-esque.
    • An open relay is not necessary in order to make email function at the outlying offices. You don't even need a VPN. The mail server can be configured with the static IP addresses of each of the offices as valid "local" addresses. Of course a VPN is much better as that also improves your security.

      As confirmed by another [slashdot.org] of your postings, your company management are morons who have apparently hired idiots for the IT department. Obviously you recognize it, and can leave if you feel that is necessary, or can stay as long as you can deal with it, and are not blamed for it. Should they ever offer to promote you into IT, be sure you insist that you be given the authority to fix the problems with no further permission from management to go ahead.

  • simple solution.. (Score:4, Interesting)

    by Lumpy (12016) on Friday February 15, 2002 @07:38PM (#3015895) Homepage
    A self maintaining blacklist. If you get blacklisted and then fix it, you go to a webpage that you submit that you're fixed. Then the system simply uses a separate computer that is NOT on the webpage's domain and tries to relay email. If the relay happened then the blacklisted site is still blacklisted, otherwise it is automatically removed.

    Maybe 100 lines in perl to accomplish this. no real effort required.
    • How long until the SPAM'ers found a way to configure a mail server that blocks your 100 line perl script but still allows open relaying?

      However, your 100 line perl script could be useful as a pre-emptive measure to warn admins who have carelessly left their servers open to relaying. So if it finds an open relay, it sends the admin mail saying:

      "The Automated Open Relay Detection Service has determined that your server does not sufficiently deny open mail relaying.

      The following test was performed:
      <test details here>.

      If you do not wish to be added to various blacklists services, you should probably fix it. If you need help fixing it, useful resources include:
      <useful urls>"

      Set that up as a distributed project, and it'd find all the open relays on the internet PDQ.
      • by Phork (74706)
        You seem to be not understanding something. Open relays are not usually set up by spammers, they are usually set up unknowingly by companies for their corporate email and things like that. Then a spammer finds out that the server is an open relay, and starts to bounce their spam off it. So it is not at all an issue of spammers finding a way to avoid having their mail servers detected, a smart spammer would not run an open relay on their own server, because open relays get blocked, and can cost you money if someone starts to send a large amount of traffic through the server.
        The only time you would have someone trying to avoid their server being detected as an open relay is when they use the server for legitimate (non-spam) purposes, but are too lazy to make the server not an open relay.
    • by Phork (74706)
      I believe this is how several of the blacklists currently work, at least for the removal. I don't know if they automatically go out and hunt for open relays.
  • I'm trying to move data from one point to another, and some machines in the middle are discriminating against my data

    Just wait a minute there Jethro... "machines in the middle" are not discriminating against your data. It's not like your mail passes through this machine that says, "Hey, you're a bad bad person! Go away."

    In fact, the recipients are the servers refusing to deal with you. Sure, it's because they've subscribed to a list, but the list is not the one refusing you, it's the server that reads from it.

    That said, it's not very nice to remove you from such a list once you've demonstrated your server is fixed.
    • That said, it's not very nice to remove you from such a list once you've demonstrated your server is fixed.

      Oops. That should have said, "It's not very nice to refuse to remove you" ...
  • I can understand the problems caused by unmaintained blacklists, or ones that operate on the roach-motel principle. All you can do is communicate directly with the blacklist maintainers, or communicate with the sites blocking you (mail to postmaster shouldn't be blocked) and see if you can convince them the blacklist is unreasonable. If sites start getting lots of reports about a blacklist refusing to delist open relays after they've been fixed, site operators may stop using those blacklists.

    On the other hand, you admit to having had an open relay in your network. Back before 1995 or so this might have been excusable. If we're talking in the last 6 years, though, there's no excuse. The problems have been well-known, the solutions equally well-known and easily implemented. If you shoot yourself in the foot, even unintentionally, whose fault is the resulting pain?

  • Consider all the small and medium sized businesses out there. They may be lucky to have even one admin, yet still need to provide email to all their employees. That one (if even that) overworked admin may have many responsibilities, one of which is running a mail server. I know some of you would like to say, "hey if he can't run his mail server right, he shouldn't be doing it at all". That's a bad attitude to take, and putting someone on a blacklist without giving him the chance to correct the problem first is just plain wrong. Yet that's what these blacklists do. Only after you take care of the problem are you taken off the blacklist.


    IMO, the way it should work, to be fair, is to send a warning email to someone from the company. Then, if that email goes unnoticed, put the company in the blacklist. Even better, put something informative in that email letting people know how they can stop their server from being an open relay.


    I should know. I've been in this situation, where my email server was way down on my list of priorities. I was blacklisted without warning or explanation. I had to investigate the whole matter myself, fix the problem, find the people who blacklisted me and go through their procedures to get off the blacklist. While I see the need to have blacklists, they certainly could do a better job dealing with businesses who have no intention of spamming and who may have just overlooked or not even known about the problem.

  • Sysadmin A, who didn't take the time to check the security of his mail server, is complaining about sysadmin B who doesn't take the time to maintain his spam list?

    Please tell me what company you work for. I'd like to see how well-maintained and secure your systems, apparently employed by some type of financial company, really are.

    ...or feel free to move your mailserver to another IP or subnet if you can't get it unblocked. Testing it could be a pain in the butt, but isn't the spam that you let through a pain in the butt also?
  • Use EXIM as your mailserver and you can have the best of all worlds.

    1) Messages are checked for RBL
    2) A X-RBL-Warning header is added to the message
    3) Users can choose to filter these messages themselves
  • by www.sorehands.com (142825) on Friday February 15, 2002 @07:56PM (#3015981) Homepage
    If you had an open relay that was used by spammers, go after a few of them in court. Go after the people who sell the SPAM software that uses the open relays.


    Bankrupt a few spammers, show others it is not cheap to spam. Maybe get some charged criminally.


    All spammers should be tortured, then executed.

  • by curunir (98273) on Friday February 15, 2002 @07:56PM (#3015983) Homepage Journal
    IMHO, Blacklists are just a small band-aid on the gaping wound that is SMTP. SPAM has proliferated to the point where it needs to be dealt with in a more sane manner than just punishing the offenders.

    I'm usually all for privacy, but I think we need to be using an email transport protocol that involves some form of authentication. I'm not sure if some such protocol exists already, but it doesn't seem like it would be too hard to create.

    Am I way off base here, or wouldn't this cut way down on SPAM?
  • The rehabilitated system or network should be able to submit their address to a server to be crawled for open relays (much like submitting a URL to a search engine).

    The server would connect to each address in the resubmission list and test if the relay was open. If an open relay wasn't detected then the system is put into a probationary state or taken off the list entirely. It's an automated solution that doesn't require any work by spam list administrators.

    If necessary, the list of resubmissions could be distributed to volunteered machines (similar to seti) on many different networks. The volunteer machines then double-check the result. This reduces the chance of someone closing the relay exclusively for the spam list server.

    A three-strikes and you're out policy could also be put into place.

    Jason.
  • I've done the exact same thing as the poster of this article - and it took ages (weeks, IIRC) to get off the list, despite being "clean" for all that time.

    One item of spam had been sent through our server, I spotted the problem, fixed it, and got told that I'd been blacklisted. I then applied to be retested ("oh please Mr. Self-Appointed Cop, please say that I am good"), and was not removed from the list for a long long time. It should be automatic. Maybe test that server once a day for the next few weeks to make sure that it stays closed, if you feel such an urge. But everybody loses when the lists are not updated promptly - the admins of previously-open relays cannot send email, innocent recipients of email from the previously-open relay don't receive email they were expecting, and the maintainers of systems using the blacklists lose faith in the accuracy of the list, and stop using them (hopefully!).

    I really don't know why people bother using these lists - I've not seen anyone claim here that they've benefitted significantly from doing so, and many people are harmed.

  • As other people here have said, blacklists can be bad but most often only need some patience to get off of.

    What's far more annoying, in my opinion, is those sites who've configured their mail server to be utterly anal about DNS. Forward mapping, reverse mapping, no underscores, etc. etc. Since many otherwise decent mailservers are stuck with ISP "What's DNS?" level support, this can be a pain in the ass for completely innocent victims.

  • Rather than try to 'rehabilitate' those blacklists that are too rigid, count on those who subscribe to the block lists to pick those that are most responsible.

    Think about it: If I run a mail server and use the biggest, least lenient blacklist provider out there, my users will start to complain when they're not getting important emails from people.

    As in everything there's a middle ground between blocking too much and blocking not enough (or even none). the right answer is tu make sure mailadmins listen to their users, so they can find the right black hole list, striking the balance between spam and legitimate access.

    Who knows, we may even get a responsible public organization out of this, recognized for specific rules and procedures for blacklist inclusion and removal. The sooner there's one list, the sooner we have less spam and less illegitimate blocking.
  • Sending out spam is no different from any of a number of other activities that give your business a bad name. If you publish an insensitive ad in a newspaper, you'll have to deal with that for years to come. If you send out spam, you'll end up in people's kill files. The fact that some of those kill files happen to be public for the convenience of users doesn't change that. Even if you could force all the public blacklists to remove your name, people would still have you in their private kill files.

    You'll just have to be more careful next time. As you discovered, the cost of relaying spam is higher than you may have thought originally. Eventually, those entries will go away. But even consumers have to wait many years before bad credit information goes away.

  • It's real simple (Score:3, Insightful)

    by tuxlove (316502) on Friday February 15, 2002 @08:32PM (#3016100)
    If someone runs an open relay, they deserve to be blacklisted. Those sites who enjoy receiving spam can choose not to use blacklist information. Those who do not like spam can use blacklists.

    However, those who repent and fix their open relays should be immediately removed from any open relay blacklist they might be listed with. It's totally irresponsible to run a blacklist without provisions for keeping them up to date in near-realtime.

    An example of a great service was ORBS (the Open Relay Blackhole Service), may it rest in peace. It was largely automated, and would add and remove sites simply based on observations made by their relay-checking robot. There were some manual entries (for sites who refused to be probed), and that was cause for a bit of controversy. But by and large it was quite excellent. I can see absolutely no reason whatsoever for anyone to complain about the creation and use of such blacklists, unless they are a spammer. I have never heard a valid reason why an open relay should be considered okay (I do *not* agree with John Gilmore, just about the only slightly credible dissenter I've heard on this topic. He's just too lazy to use one of many available alternatives to what he's trying to accomplish. See this [weblogs.com] to see what I'm talking about.)

    Too bad most of the great blacklist services seem to be going away or becoming (highly overpriced) commercial endeavors.
