zombie anti-spammers? fabulous

[rone]

Dear dr_strych9: please supplement my arguments against real-time blackhole lists with this delightful story about a blackhole list that came back to life fifteen months after its death and caused all its subscribers' incoming mail to bounce.

Comments

[zonereyrie.livejournal.com]

I've run into that personally, just recently. Someone used the comment form on my GizmoLovers.com site to ask me a question. So I replied to them at the email address they used. Only they used their work email address. I got a bounce with a standard error - 550 or something like that, saying it was spam. I figured it was because I mentioned some pricing and such, so I send a plain message - it bounced the same way. Eventually I contacted their postmaster - turns out they have a 'no non-work email' filter rule, which they lumped in with their anti-spam rules. I was a little annoyed at being called a spammer by their ruleset, but mainly I was annoyed at the bad configuration they used that caused that. If they want to block non-work email, fine - but send an appropriate message to that effect, not a red herring about spam.

I think most people understand mistakes happen, and if you fix it quickly they'll get over it. In our case, since mail hits the white list first, even a 100% false positive RBL wouldn't impact email with anyone we have exchanged email with in the past. (The list auto-updates - anyone a user emails is on the list.) So it would only block any new senders, which is less of a problem.

I would never recommend relying on RBLs as your only line of defense, or thinking they're infallible. But I think they can be part of defense in depth. Spam is a huge issue, and no one solution will take care of it all.

At work mail goes through many filters - first the coarse whitelist on our relay that only allows email to valid addresses through, then commercial software on Exchange that runs through a number of filters - SPF, white list, a corporate blacklist (addresses we blocked), a phishing blacklist, a spam address BL, then a DNS RBL, keyword filter, header filter (malformed/forgeries), bayesian... probably others I forgot. And then I have Outlook's Junk Mail filter turned on, which catches a lot of the spam that makes it that far.

In the end I end up with only a little spam making it into my inbox - which is a lot better than a few years ago, before all of this was in place. Before the commercial system we had a lashed-up SpamAssassin setup, but that took a lot more labor to keep working well, and was never as effective really. And before that, when I first got here, we didn't have any anti-spam. That was suboptimal.