zombie anti-spammers? fabulous

[rone]

Dear dr_strych9: please supplement my arguments against real-time blackhole lists with this delightful story about a blackhole list that came back to life fifteen months after its death and caused all its subscribers' incoming mail to bounce.

Comments

[ronebofh.livejournal.com]

Maybe i'm just not with it these days, but unlike most popular open-source software, the history of RBLs has not been one of stability or respect. I might change my tune in 5 years.

Mail failure due to a false positive hit is a pernicious problem, because how do you tell the other party that you're not a spammer if you can't send them mail? It's also a PR problem: "HOW DARE YOU CALL ME A SPAMMER"

[zonereyrie.livejournal.com]

I've run into that personally, just recently. Someone used the comment form on my GizmoLovers.com site to ask me a question. So I replied to them at the email address they used. Only they used their work email address. I got a bounce with a standard error - 550 or something like that, saying it was spam. I figured it was because I mentioned some pricing and such, so I send a plain message - it bounced the same way. Eventually I contacted their postmaster - turns out they have a 'no non-work email' filter rule, which they lumped in with their anti-spam rules. I was a little annoyed at being called a spammer by their ruleset, but mainly I was annoyed at the bad configuration they used that caused that. If they want to block non-work email, fine - but send an appropriate message to that effect, not a red herring about spam.

I think most people understand mistakes happen, and if you fix it quickly they'll get over it. In our case, since mail hits the white list first, even a 100% false positive RBL wouldn't impact email with anyone we have exchanged email with in the past. (The list auto-updates - anyone a user emails is on the list.) So it would only block any new senders, which is less of a problem.

I would never recommend relying on RBLs as your only line of defense, or thinking they're infallible. But I think they can be part of defense in depth. Spam is a huge issue, and no one solution will take care of it all.

At work mail goes through many filters - first the coarse whitelist on our relay that only allows email to valid addresses through, then commercial software on Exchange that runs through a number of filters - SPF, white list, a corporate blacklist (addresses we blocked), a phishing blacklist, a spam address BL, then a DNS RBL, keyword filter, header filter (malformed/forgeries), bayesian... probably others I forgot. And then I have Outlook's Junk Mail filter turned on, which catches a lot of the spam that makes it that far.

In the end I end up with only a little spam making it into my inbox - which is a lot better than a few years ago, before all of this was in place. Before the commercial system we had a lashed-up SpamAssassin setup, but that took a lot more labor to keep working well, and was never as effective really. And before that, when I first got here, we didn't have any anti-spam. That was suboptimal.

[qwrrty.livejournal.com]

As with open source software, some RBLs are run responsibly and with great diligence to accuracy, and some are.... not so much. You are familiar with this distinction in Usenet software, I believe.

For the purpose of comparison you may consider ORDB to be the FirstClassBBS (or perhaps the QWK Offline Reader) of realtime blackhole lists.

[also-huey.livejournal.com]

the history of RBLs has not been one of stability or respect

I don't think that's entirely fair. I'll grant you that the history of RBLs run by shitheads hasn't been one of stability or respect, but several (most notably Spamhaus and the CBL) are both well-run, mostly transparent, and generally not insulting except in the face of categorical stupidity. But to lump folks like Linford, and even Vixie and Rand, in the same category as complete fuckin snapperheads like Alan Brown, Ron Fucking Guilmette, Joe Jared and Brian (or Brielle, apparently) Bruns - that's apples and oranges. The folks in the former group are running a business that tries to help preserve the utility of email, while the guys in the latter are just waving penises.

[ronebofh.livejournal.com]

I was getting all het up about you calling Spamhaus well-run until i realized that i was thinking about SpamCop.

[also-huey.livejournal.com]

Believe it or not, Spamcop largely got unfucked a couple years back, when it stopped being run by Julian and started being run by Ironport. I too used to enjoy the whuppin-on-Spamcop, but after Petersen took over, holy crap, they fixed it. AFI has statistics (http://www.dnsbl.com/2007/05/spamcop-bl-another-look-its-accurate.html).

[motis.livejournal.com]

A couple of years ago, I had a problem with e-mail from my server in China being classified by an RBL as spam. I run a private, by-invitation-only site that requires deliberate registration, and the only e-mail we send is to people who definitely want to receive it and have explicitly requested it. Our mail was being blocked because Spamhaus listed the entire data center where my server is co-located as a spam source. It's true, there were some spammers using servers in that data center... IIRC, two or three. But the data center is in China, where there is no option of putting your colo box in a different ISP's data center, and the people running the place were unable to read the RBL notices being sent to them in English, and had no idea what was going on. Hundreds of servers in that very large data center were potentially impacted (I say 'potentially' because surely some of them don't send out e-mail), and 99.99% of those servers were owned or rented by people who had nothing to do with any spam being sent to anyone.

If putting pressure on customers to use a different ISP's data center is the object, then this particular action was one of those EPIC FAILS we all know and love, because there aren't other ISPs in China to give your business to. What ended up happening in this situation is that I was personally forced to act as an intermediary between Spamhaus and the Chinese administrators at my data center in order to get my e-mail working again. Don't get me wrong, I hate spammers just as much as anyone (and given my capacity for hate, probably much more than most)... but I deeply resent having my innocent server's e-mail held hostage, and being forced to work for Spamhaus unpaid. Had they NOT blacklisted the entire data center and instead ASKED me to work unpaid in an effort to rid the place of spammers, I would have been more than happy to cooperate. As it is, I feel like I've been strongarmed. Spamhaus used me and deprived me of any choice in the matter, and I had absolutely nothing to do with any spam sent to anyone from anywhere. The whole thing, in my opinion, was high-handed, arrogant, imperious, and deeply abusive of a power that should not exist in the unregulated form that it currently enjoys. If they want to block domains or IPs that are known to be spam sources, so be it... but this whole business of putting pressure on data centers via their innocent customers stinks like a ripe pig carcass left in a moldy sauna for the weekend.