
Every spam is sacred



Greetings.

I'm having a nice discussion with debian-admin. It started when I
asked them to add ": sbl.spamhaus.org/warn : list.dsbl.org/warn"
to the rbl_domains variable in master's exim.conf.

This would tag messages coming from IPs listed in the SBL and DSBL
(two well-known DNS Blocking Lists) by adding an X-RBL-Warning: header
to them, which will serve to evaluate whether or not using them in
/reject mode would really produce an unacceptable number of false
positives, as debian-admin claims.

[ I estimate that we could easily get rid of 50% of all spam
  by just using those two lists, with negligible false positives
  if these lists follow their listing criteria ].

They have said "no" using (more or less) the following reasoning:
Since Debian machines have been listed in several DNSBLs in the past,
we should not use ANY of them ourselves (which is like saying: since
we have sent tons of spam in the past via our mailing lists, we should
accept ALL the spam we receive). Does somebody understand this?

So far they have failed to say which DNSBLs are the ones in which we
got listed, or even whether or not they were the SBL or the DSBL.

debian-admin: In which DNSBLs did we get listed and why, and how does
this relate to using (or not) the SBL and the DSBL in master to protect
ourselves against the spam we receive?

How will we be able to discuss DNS Blocking Lists in an objective
way if they continue to put all the DNSBLs in the same bag? How can
they say "no" to using some of them in /warn mode without (apparently)
even having informed themselves about the way SBL and DSBL operate?

Perhaps we like receiving the huge amounts of spam we receive at our
@debian.org addresses so much that we can't even think of blocking
some of it?

Even if using SBL and DSBL would produce false positives (we could
easily check this by using the /warn mode for a week or two), there
is still a question that we should ask ourselves: How many avoided
spam messages are required to match the value of one "false positive"?
One thousand? One million?

For reference, you will find more info about the SBL and DSBL here:

Spamhaus Blocking List:

http://www.spamhaus.org/sbl/

Distributed Server Boycott List:

http://dsbl.org/


Those are just two well-known DNSBLs, but there are a lot of them, see

http://www.declude.com/junkmail/support/ip4r.htm

for a big list of them.


Thanks.
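
Added example, not part of the original message and not Debian's or Exim's own code: one way to turn a /warn trial like the one proposed above into numbers, by counting per list how much hand-classified spam a /reject setting would have stopped and how much legitimate mail it would have lost. It assumes each X-RBL-Warning: value starts with the list name in parentheses, and that a hypothetical X-Hand-Label: header records the manual spam/ham verdict; the sample messages are constructed.

```python
import email
import re
from collections import Counter, defaultdict

# Constructed sample, not real mail. Assumptions: each X-RBL-Warning value
# starts with the list name in parentheses, and X-Hand-Label is a hypothetical
# header added by the person who classified the trial sample by hand.
SAMPLE = [
    "X-RBL-Warning: (sbl.spamhaus.org) listed\nX-Hand-Label: spam\n\nm1\n",
    "X-RBL-Warning: (list.dsbl.org) listed\nX-Hand-Label: spam\n\nm2\n",
    "X-RBL-Warning: (sbl.spamhaus.org) listed\n"
    "X-RBL-Warning: (list.dsbl.org) listed\nX-Hand-Label: spam\n\nm3\n",
    "X-Hand-Label: spam\n\nm4\n",
    "X-RBL-Warning: (list.dsbl.org) listed\nX-Hand-Label: ham\n\nm5\n",
    "X-Hand-Label: ham\n\nm6\n",
    "X-RBL-Warning: (sbl.spamhaus.org) listed\n\nunlabelled\n",
]

LIST_NAME = re.compile(r"^\s*\(([A-Za-z0-9.-]+)\)")

def evaluate(raw_messages):
    """Count hand-labelled spam/ham overall and per DNSBL that tagged it."""
    totals = Counter()
    tagged = defaultdict(Counter)
    for raw in raw_messages:
        msg = email.message_from_string(raw)
        label = (msg.get("X-Hand-Label") or "").strip().lower()
        if label not in ("spam", "ham"):
            continue  # unlabelled mail cannot count for or against a list
        totals[label] += 1
        lists = {m.group(1).lower() for v in msg.get_all("X-RBL-Warning", [])
                 if (m := LIST_NAME.match(v))}
        if lists:
            lists.add("any")  # combined effect of rejecting on either list
        for name in lists:
            tagged[name][label] += 1
    return totals, tagged

def report(totals, tagged):
    """Per list: spam that /reject would stop, and ham it would lose."""
    spam = totals["spam"]
    return {name: {"spam_blocked": c["spam"],
                   "spam_share": c["spam"] / spam if spam else 0.0,
                   "false_positives": c["ham"]}
            for name, c in sorted(tagged.items())}

if __name__ == "__main__":
    for name, row in report(*evaluate(SAMPLE)).items():
        print(name, row)
```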


