
Re: Every spam is sacred: tagging mails because of their content or their supposed origin?



> > > "good ISPs". I bet that most ISPs do not have their main SMTP servers as
> > > an open relay, because otherwise they would have serious connectivity
> > > problems with the rest of the world.
> >
> > But you are indeed also talking in terms of "bad ISPs" and "good
> > ISPs", even if you did not write these words.
> 
> No, there is no such thing. DSBL lists individual IPs. They do not
> list "ISPs". How many times do I have to repeat this?

It's almost the same.
The "bad ISPs" will get their IPs caught.


> > You are betting that most ISPs are careful about spam issues, what
> > we can easily call "good ISPs" (a term I did not use) or "decent
> > ISPs".  You are proposing to block/tag mails that come from some
> > ISPs,
> 
> No, forget about ISPs.

Replace ISPs by IP, it does not make it better.

Even worse. I got a cable connection with an IP that changes rarely,
several times in a month. I use my local SMTP, not my ISP's one (don't
wanna be bothered with the ISP's discontinuously working services).
If a user of my ISP runs a misconfigured SMTP, as an open relay, an IP
that belongs to my ISP will be blocked.
A month ago, I may get myself this blocked IP (given by a
dhcpd)... I let you imagine the next step.

I hope, and guess, that DNSBL does not list IPs so easily*. But the way
it works is questionable to me:
        You do not block a mail because, by examining its content, it
        appears to be obvious spam, but because you assume that the IP
        it came from can only send spam. 
 
(* I suppose it has been enhanced since Debian was added to such a list)


> No, it's each individual IP the one which might be "good" or "bad",
> not the entire ISP.

It makes it worse to me.


> See, ISP "foo" may have well configured SMTP servers which are not
> open relays and everybody in such ISP (except a lot of spammers and
> some Unix people) use them to send email. No problem with this.
> 
> But a bad user (probably using Windows) may get a virus or have
> badly unconfigured software installed which makes his machine
> become an open relay. As soon as spammers discover this, his machine
> will be abused.
> 
> So it is logical for other ISPs not to accept mail *directly* from
> this machine if they verify it's an open relay, since the normal
> traffic from this ISP comes from the good main SMTP servers, which are
> not open relays, and it's what people are "expected" to use.

An IP is not a proof of identity, as long as you are not yourself the
provider of the IP.

If you block an IP today, you can't be sure you're blocking the SMTP
that spammed you yesterday.

I do not know how spamming companies work exactly. If I were them, I
would not buy a static IP to send spam every day but I would buy a
dynamic IP, with a dial-up connection (an IP that changes at each
connection) - blocking my IP efficiently would be blocking every IP of
my ISP. The only solution would be to write to abuse@ISP to get my
contract with the ISP over.
Which could also be done if I had a static IP.

From this perspective, I'm surprised that DNSBL only catches bad men,
with "bad IPs". But maybe the DNSBL is too new, not used enough, to be
a cause of pain for spammers, so they do not give a toss about it.

I'm not saying DNSBLs are completely stupid. It may push deliberately
Open-Relay servers to vanish.

But I definitely find spamassassin conceptually much better - because
it really takes a mail for what it is. It cannot be trapped. Because
if the DNSBL one day becomes a major problem to spammers, who knows
what kind of methods they may use to attack them.

If you are to tag each mail transiting at debian.org, I think it is
better to do it with spamassassin. And please, do it for the
mailing-list too. Spam is not only an issue for Debian developers but
also for Debian users, who do not have a @debian.org but are a priority
in DFSG ;)

(I'm not speaking for myself, as I already benefit from spamassassin
tagging my mails)

Only debian people will get their bandwidth usage reduced, because the
others will still download the tagged mails (while debian people will
edit their .procmailrc on debian machines directly). 





It leads me to another question: will the mailing-list archives be
filtered? At mail.[non]gnu.org, mails tagged as spam by spamassassin
are not delivered to the archives (while they are to mailing-list
subscribers). 

At this point, a decision must be made, whether you use
spamassassin or a DNSBL. Because spam on archives is also
harassing. But if the solution you pick destroys 10 false positives a
day, it's a problem...




-- 
Mathieu Roy
 
  Homepage:
    http://yeupou.coleumes.org
  Not a native English speaker:
    http://stock.coleumes.org/doc.php?i=/misc-files/flawed-english


