On 10/01/2015 08:18 PM, cortana5@gmail.com wrote:
Excuse my probable ignorance of such matters, but would it not then be preferred to create a whitelist of proven Email servers/ip's , and just drop the rest? Granted, one would have to create a process to vet anyone creating a new email server, but would that not be easier then trying to create and maintain new blacklists?
Define "proven e-mail servers and IPs." Just because someone raises their hand and says "I run a mail server" doesn't mean that the hand-raiser doesn't have a ton of people behind him/her who spew spam at a frightening rate. Even when the hand-raiser represents a large company, that's no guarantee of a mail admin with clue or care. I got started in the personal mail-server game when Pacific Telesys lost control of its mail servers, and ended up with the IPv4 addresses blacklisted to hell. In order to be able to contribute to the Linux Kernal mailing list, I ended up setting up my own Postfix box, and doing everything necessary to be identified as following Best Practices regarding mail. Good training for later, it turns out. When I became the mail admin for a Web hosting company, I had to work like hell to (1) clean up the mail, and (2) convincing all the blacklists that I had successfully terminated the spammers. SPEWS, even. A dedicated-server customer was providing DNS service to spammers, which resulted in my company's entire /21 being blacklisted. I went through a private hell re-jiggering the web host mail system (Plesk, CPanel, among other web hosting products) to be able to control both inbound and outbound spam. But I did it. ALso, satisfied AOL, Yahoo, and other mailhost companies to accept my mail. Not to mention providing custom levels of spam control for my customers -- some wanted no spam blocks, others wanted no spam. No middle ground.