
RE: spamcop



On Wednesday, September 20, 2006 3:19 PM -0500, John Kelly wrote:

> On Wed, 20 Sep 2006 15:33:05 -0500, "Seth Goodman"
> <sethg@GoodmanAssociates.com> wrote:
>
> > Did anyone investigate the problem and make this request?
>
> If they're not self motivated, I have no incentive to use them.

I don't particularly want to defend these guys.  I'm defending
spamtrap-based DNSBL's, not any specific list.  Expecting anybody to
notice that a server from any friendly organization was listed is a bit
much.  If someone from Debian contacted them and didn't get anywhere,
that would be a different story.


> > Any DNSBL is subject to gaming by spammers who would like to
> > curtail the use of DNSBL's in general and spamtraps in particular.
>
> No, not any.  Just spamtrap based lists poorly administered.

Spamtraps are easily manipulated for any server that sends out
confirmation messages, and some lists are better than others.  While I
don't like the idea that a Debian server is listed anywhere, it is
reasonable to expect that someone would contact the list maintainers.
In the case that it is impossible to avoid sending mail to a spamtrap,
as for any machine that sends confirmation messages from a web form, and
the server admins are known to deal with abuse complaints, then
whitelisting is appropriate.  However, it is not unreasonable to expect
that someone would request it.


> My three step defense works fine without spamcop:
>
>  1) require matching DNS, forward and reverse

I personally advocate this approach, although it is not strictly
RFC-compliant, so some large servers won't use it.


>  2) use regex tests for dynamic/dialup host names (works because #1
> strictly enforced, and thus hostname is known)

Even if you don't reject on !exist(reverse)||(reverse != forward), you
can still use the reverse on the IP for the regexp and reject for "local
policy" when it matches.


> 3a) query dynablock.njabl.org for any dynamic hosts missed by my
> local checks in step 2
>
> 3b) query a few GOOD, RELIABLE dnsbls:
>
>     dnsbl.njabl.org
>     list.dsbl.org
>     sbl-xbl.spamhaus.org

This is a very reasonable set of lists.  I believe that dnsbl.njabl.org
is a subset of xbl.spamhaus.org, so the first query is redundant (unless
you are trying to limit spamhaus queries).

--
Seth Goodman
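
The three-step check discussed in this message, as an added example that is not part of the original e-mail or either poster's configuration. The DNS data, the `dnsbl.example` zone, the regex and all function names are constructed for illustration; a real filter would replace the two lookup tables with resolver calls.

```python
import ipaddress
import re

# Constructed DNS data (documentation address ranges) standing in for real lookups.
PTR = {"192.0.2.10": "mail.example.org",
       "192.0.2.20": "dsl-192-0-2-20.dyn.example.net",
       "192.0.2.30": "mx.example.com",
       "192.0.2.40": "relay.example.org",
       "192.0.2.50": "ppp-50.dialup.example.net"}
A = {"mail.example.org": ["192.0.2.10"],
     "dsl-192-0-2-20.dyn.example.net": ["192.0.2.20"],
     "mx.example.com": ["198.51.100.7"],          # forward does not match reverse
     "relay.example.org": ["192.0.2.40"],
     "40.2.0.192.dnsbl.example": ["127.0.0.2"]}   # constructed DNSBL listing

# Hypothetical local pattern for dynamic/dialup style host names (step 2).
DYNAMIC_RE = re.compile(r"(?:^|[.-])(?:dyn|dsl|dialup|ppp|dhcp|pool)(?:[.-]|\d)", re.I)

def dnsbl_name(ip, zone):
    """DNSBL query name: IPv4 octets reversed, followed by the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def check_client(ip, strict_fcrdns=True, zones=("dnsbl.example",)):
    """Return 'accept' or a reject reason for a connecting client IP."""
    host = PTR.get(ip)                                   # reverse lookup
    fcrdns_ok = host is not None and ip in A.get(host, [])
    # Step 1: require matching forward and reverse DNS (optional, see reply).
    if strict_fcrdns and not fcrdns_ok:
        return "reject: reverse/forward DNS mismatch"
    # Step 2: regex on the reverse name. With strict_fcrdns=False the name is
    # unconfirmed, but it can still be matched and rejected as local policy.
    if host and DYNAMIC_RE.search(host):
        return "reject: local policy (dynamic host name)"
    # Step 3: DNSBL queries; any A record under the zone means "listed".
    for zone in zones:
        if A.get(dnsbl_name(ip, zone)):
            return "reject: listed in " + zone
    return "accept"

if __name__ == "__main__":
    for ip in sorted(PTR) + ["192.0.2.99"]:
        print(ip, "strict:", check_client(ip),
              "| lenient:", check_client(ip, strict_fcrdns=False))
```

With `strict_fcrdns=False`, 192.0.2.50 is still rejected by the regex even though its reverse name has no matching forward record, while 192.0.2.30 is accepted where the strict setting would reject it.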
