on Thu, May 06, 2004 at 10:40:47AM -0700, Robin Lynn Frank (rlfrank@paradigm-omega.com) wrote:
> On Thursday 06 May 2004 00:36, Paul Johnson, Paul Johnson <baloo@ursine.ca>
> wrote:
> > Steve Lamb <grey@dmiyu.org> writes:
> > > Personally I haven't used any of my hosting company's email
> > > servers since setting up my own server. In the same time I've
> > > never sent out virus email or been an open relay. Yet because of
> > > boneheaded ideas like the above I now have to get around idiotic,
> > > lazy blocks. Tired of it.
> >
> > I agree. Dialup/residential IP lists used for blocking purposes is
> > pretty retarded. However, using something like bl.spamcop.net,
> > which only lists currently spamming IPs, is considerably more
> > useful.
>
> Actually, you can block a lot of infected boxes by blocking dynamic
> IPs, so there is something to be said for it.
It's effective. It's easy. For a lot of sites, it's the least-pain
solution. And for the rest of it: it's not going to go away any time
soon. While I disagree with the principle of DUL/IPL blocking, I've
pretty much given up on that battle.
The problems with DUL/IPL blocking are:
- It's an attribute-based, rather than activity-based block. It's
effectively the same as redlining.
- It's unaccountable. DUL/IPL IP ranges are blocked regardless of
activity. They cannot be unblocked for cleaning up a mess. They're
just...blocked.
- The information provided by a DUL/IPL can be obtained pretty
reliably from other sources. Including IP-specific blocklists *and*
aggressive but accountable blocklists such as SPEWS which *are*
targetted at _organizations_ which practice bad network management.
Unfortunately for your typical consumer-grade ISP, the amount of work
required (not much, but _some_) for a relatively minimal gain isn't
worth the effort. In their calculus.
> But tell me, since spamcop accepts reports from anyone able to click a
> mouse button, which of the following are they NOT subject to?
>
> 1. Reports from people to stupid or lazy to unsubscribe lists or
> newsletters they receive.
>
> 2. Spammers intentionally reporting legitimate mail sources with the
> intent to keep the number of false positives high enough that
> people will not risk using spamcop.
>
> In the past few days, I've seen netfilter.org's list and foxnews in
> spamcop. They were both removed, but the fact remains that they
> should never have been there to begin with.
Broad-based reputation systems aren't easy. Particularly where creating
identities is trivial. Been there. Done that. Didn't solve the
problem either.
Peace.
--
Karsten M. Self <kmself@ix.netcom.com> http://kmself.home.netcom.com/
What Part of "Gestalt" don't you understand?
Moderator, Free Software Law Discussion mailing list:
http://lists.alt.org/mailman/listinfo/fsl-discuss/
Attachment:
signature.asc
Description: Digital signature