
Re: [Fwd: Re: Spamassasin over RBL, was Re: rblsmtpd -t?]



On Tue, 7 May 2002 11:43, Craig Sanders wrote:
> > -------------------------------
> > Q41: How does one contact SPEWS?
> > A41: One does not. SPEWS does not receive email - it's just an automated
> > system and website, SPEWS and other blocklist issues can be discussed in
> > the public forums mentioned above... Note that posting messages in these
> > newsgroups & lists will not have any effect on SPEWS listings
>
> the fact is that SPEWS lists known spam sources.    this is good.  i
> *WANT* known spam sources to be blocked.  I don't want to receive mail
> from known spam sources.  you seem to think that there's something wrong
> with this.

Jason has complained in the past about his IP addresses being listed in SPEWS 
even though none of them has ever been used for sending spam.  Simply because 
he lives in a country that contains lots of open relays is enough to be 
listed as a spammer.  Is this a better policy than SpamCop?

> > ISP is (eg. Sprint), they will still block them. In Spamcop's case, it
> > won't ban large ISPs, because if you tell them a general figure for
> > the mail volume, it will take that into consideration.
>
> why the hell should an RBL care how big an ISP is?  it's not relevant -
> they're either part of the spam problem or they're not.  size doesn't
> come into it.

It is relevant.  In my spare time I run two small ISPs in Melbourne.  The 
total user-base of them both is <1000 users, logs are carefully watched, and 
spam incidence is almost zero.  18 months ago I was running one of Europe's 
larger ISPs with >500,000 users (probably comparable to the entire online 
population of Australia).  The amount of spam reports was hugely higher as 
you would expect primarily because of having a larger user base.

Blocking one of the smaller Melbourne ISPs because of 10 different people 
complaining about spam in one day is reasonable.  But blocking zonnet.nl for 
less than 500 spam reports would be totally unreasonable!

> that's one of the problems with spamcop.  if a host deserves to be
> listed in an RBL, then it should be listed regardless of how large the
> ISP is.  otherwise you end up with notorious spam-havens like uunet
> being immune to listing no matter how many pink contracts they sign,
> while small ISPs get listed just because some vermin spammer forged
> their IP address in a Received line.

Changing the weighting takes care of that.  A large ISP with a bad policy on 
spam could have the same weighting as a small ISP with a good policy.  Let's 
assume that the administrators of SpamCop are not stupid!

> > Forged headers? I report spam to spamcop almost daily when I have the
> > time, and rarely does it have a problem.
>
> rarely is not the same as never.  rarely just means that there is a
> fundamental flaw in their method but that nobody has decided to use
> spamcop to attack a third party's ability to communicate yet.  it would
> be trivial to write a script to do so.
>
> it's also obvious just from looking at headers in spam that spammers are
> definitely aware of how spamcop works and are deliberately forging IP
> addresses and domain names belonging to anti-spammers.

Could you please send me a copy of such a spam for analysis purposes?

-- 
If you send email to me or to a mailing list that I use which has >4 lines
of legalistic junk at the end then you are specifically authorizing me to do
whatever I wish with the message and all other messages from your domain, by
posting the message you agree that your long legalistic sig is void.

