on Thu, May 06, 2004 at 10:40:47AM -0700, Robin Lynn Frank (rlfrank@paradigm-omega.com) wrote: > On Thursday 06 May 2004 00:36, Paul Johnson, Paul Johnson <baloo@ursine.ca> > wrote: > > Steve Lamb <grey@dmiyu.org> writes: > > > Personally I haven't used any of my hosting company's email > > > servers since setting up my own server. In the same time I've > > > never sent out virus email or been an open relay. Yet because of > > > boneheaded ideas like the above I now have to get around idiotic, > > > lazy blocks. Tired of it. > > > > I agree. Dialup/residential IP lists used for blocking purposes is > > pretty retarded. However, using something like bl.spamcop.net, > > which only lists currently spamming IPs, is considerably more > > useful. > > Actually, you can block a lot of infected boxes by blocking dynamic > IPs, so there is something to be said for it. It's effective. It's easy. For a lot of sites, it's the least-pain solution. And for the rest of it: it's not going to go away any time soon. While I disagree with the principle of DUL/IPL blocking, I've pretty much given up on that battle. The problems with DUL/IPL blocking are: - It's an attribute-based, rather than activity-based block. It's effectively the same as redlining. - It's unaccountable. DUL/IPL IP ranges are blocked regardless of activity. They cannot be unblocked for cleaning up a mess. They're just...blocked. - The information provided by a DUL/IPL can be obtained pretty reliably from other sources. Including IP-specific blocklists *and* aggressive but accountable blocklists such as SPEWS which *are* targetted at _organizations_ which practice bad network management. Unfortunately for your typical consumer-grade ISP, the amount of work required (not much, but _some_) for a relatively minimal gain isn't worth the effort. In their calculus. > But tell me, since spamcop accepts reports from anyone able to click a > mouse button, which of the following are they NOT subject to? > > 1. Reports from people to stupid or lazy to unsubscribe lists or > newsletters they receive. > > 2. Spammers intentionally reporting legitimate mail sources with the > intent to keep the number of false positives high enough that > people will not risk using spamcop. > > In the past few days, I've seen netfilter.org's list and foxnews in > spamcop. They were both removed, but the fact remains that they > should never have been there to begin with. Broad-based reputation systems aren't easy. Particularly where creating identities is trivial. Been there. Done that. Didn't solve the problem either. Peace. -- Karsten M. Self <kmself@ix.netcom.com> http://kmself.home.netcom.com/ What Part of "Gestalt" don't you understand? Moderator, Free Software Law Discussion mailing list: http://lists.alt.org/mailman/listinfo/fsl-discuss/
Attachment:
signature.asc
Description: Digital signature