[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SPAM fiiltering

On Sat, Nov 02, 2002 at 04:07:28AM -0800, Paul Johnson wrote:
> On Sat, Nov 02, 2002 at 11:51:50AM +0000, Colin Watson wrote:
> > Paul Johnson wrote:
> > > Spamcop email address.  If the number of messages reported by humans
> > > as spam via Spamcop exceeds 2%, that IP gets blacklisted for 7 days,
> > > the spam percentage goes back below 2%, or until the ISP notifies SC
> > > that it's fixed.  SC seems to be the most effective, with nearly
> > > surgical precision.
> > 
> > So that would be why they blacklisted master.debian.org a while back?
> Yup.  Spam was sent through on a mailing list, so when it checked the
> headers, it came back to m.d.o, among other places.  It also found the
> originating source of the spam.
> I believe someone in charge of the server was notified automatically
> by Spamcop of the mailing list rape, and given a login they could use
> to choose how Spamcop handles the incident and, to a lesser extent,
> how to handle situations in the future for m.d.o.  Had this person
> been paying attention, they could have flagged m.d.o as an Innocent
> Bystander and it would have been removed sooner than m.d.o going back
> down below 2% two days after.

Nevertheless, it rather reduces my faith in their "surgical precision".

> Ironically, the source of the spam, which Spamcop also detected, was
> already listed in the Spamcop BL.  Had m.d.o been using it as a
> droplist, the BL would have provided warning not to talk to the
> spamming box.

That's a null argument, and would apply to pretty much any RBL
regardless of their accuracy.


Colin Watson                                  [cjwatson@flatline.org.uk]

Reply to: