[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [Fwd: Re: Spamassasin over RBL, was Re: rblsmtpd -t?]

On Tue, May 07, 2002 at 12:22:26PM +1000, Russell Coker wrote:
> On Tue, 7 May 2002 11:43, Craig Sanders wrote:
> > > -------------------------------
> > > Q41: How does one contact SPEWS?
> > > A41: One does not. SPEWS does not receive email - it's just an automated
> > > system and website, SPEWS and other blocklist issues can be discussed in
> > > the public forums mentioned above... Note that posting messages in these
> > > newsgroups & lists will not have any effect on SPEWS listings
> >
> > the fact is that SPEWS lists known spam sources.    this is good.  i
> > *WANT* known spam sources to be blocked.  I don't want to receive mail
> > from known spam sources.  you seem to think that there's something wrong
> > with this.
> Jason has complained in the past about his IP addresses being listed
> in spews even though none of them has ever been used for sending spam.
> Simply because he lives in a country that contains lots of open relays
> is enough to be listed as a spammer.  Is this a better policy than
> spamcop?

well, then, all he has to do is move to another country. problem solved,
right?  after all, if it's a documented policy, it must be right and he
has no cause to complain...any more than anyone else has cause to
complain about spamcop's documented policy.

the point here is that shit happens and mistakes are made.  the solution
is to do what can be done to correct them, not use it as justification
for errors and/or stupidity by others.

personally, i suspect that jason is exaggerating the problem or
deliberately misleading as to the cause.  i use RBLs that incorporate
SPEWS data, yet i'm still capable of receiving mail from china and korea
and other asian & eastern-european countries which are known to have
huge spam & open-relay problems.  the only hosts that are rejected due
to SPEWS are those that are confirmed open relays or spam sources.

my bet is that there is some other reason for his IP address being
listed in SPEWS, and rather than fix the problem he has chosen to just
flame SPEWS.

> > > ISP is (eg. Sprint), they will still block them. In Spamcop's
> > > case, it won't ban large ISPs, because if you tell them a general
> > > figure for the mail volume, it will take that into consideration.
> >
> > why the hell should an RBL care how big an ISP is?  it's not
> > relevant - they're either part of the spam problem or they're not.
> > size doesn't come into it.
> It is relevant.  In my spare time I run two small ISPs in Melbourne.
> The total user-base of them both is <1000 users, logs are carefully
> watched, and spam incidence is almost zero.  18 months ago I was
> running one of Europe's larger ISPs with >500,000 users (probably
> comparable to the entire online population of Australia).  The amount
> of spam reports was hugely higher as you would expect primarily
> because of having a larger user base.

it's still not relevant.  a host is either a spam problem or not.  if it
is a problem, then it should be blacklisted regardless of the size of
the ISP responsible for it.  if it's not a problem, then it shouldn't be

> Blocking one of the smaller Melbourne ISPs because of 10 different
> people complaining about spam in one day is reasonable.  But blocking
> zonnet.nl for less than 500 spam reports would be totally
> unreasonable!

you seem to think that automatic blocking because there has been a
complaint is valid.

it's not.  complaints mean nothing.  any idiot can make a complaint, and
most complaints are self-evidently made by idiots.   hardly anyone who is
capable of reading headers isn't going to waste their time reporting to
spamcop, they're going to maintain their own filters instead....which
leaves the vast majority of spamcop reporters being idiots.   garbage
in, garbage out.

RBLs should only list sites that are proven to be either an open relay,
spam source, or other real problem.  listings based on complaints should
be manually checked by a human, not processed automatically with a

> > that's one of the problems with spamcop.  if a host deserves to be
> > listed in an RBL, then it should be listed regardless of how large
> > the ISP is.  otherwise you end up with notorious spam-havens like
> > uunet being immune to listing no matter how many pink contracts they
> > sign, while small ISPs get listed just because some vermin spammer
> > forged their IP address in a Received line.
> Changing the weighting takes care of that.  

no, it doesn't.   weighting only makes a difference if you accept the
basic validity of the method.  the method isn't valid, it is
fundamentally flawed.

> A large ISP with a bad policy on spam could have the same weighting as
> a small ISP with a good policy.  

that's completely counterproductive.

a bad (i.e. spamhaven) ISP should be blacklisted regardless of their
size.  good ISPs shouldn't be blacklisted.

> Let's assume that the administrators of SpamCop are not stupid!

why?  that assumption contradicts all the evidence available.

> > it's also obvious just from looking at headers in spam that spammers
> > are definitely aware of how spamcop works and are deliberately
> > forging IP addresses and domain names belonging to anti-spammers.
> Could you please send me a copy of such a spam for analysis purposes?

i don't keep copies of every spam i receive.

look at your own spam.  you'll see the patterns.  


craig sanders <cas@taz.net.au>

Fabricati Diem, PVNC.
 -- motto of the Ankh-Morpork City Watch

To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: