spamhaus has gotten too agressive. Its now preventing too much legitimate email.
that's funny, really funny. s/spamhaus/maps/ or s/spamhaus/sorbs/ or indeed look at any receiver-side filtering mechanism that gets a little traction, and sooner or later folks will say it's too aggressive and prevents too much legitimate e-mail. "the internet" as a disintermediator is going to cause more things like maps and spamhaus and sorbs to be created and to become successful/effective over time. the only way to remain a successful sender of e-mail is to find a way to thread all of those needles at once, plus new ones that come along later. same thing for anti-spam features of common MTA's. once in a while someone can't get e-mail to me because they don't have a DNS-PTR or DNS-MX, or because their SMTP-HELO doesn't match their DNS-PTR, and they complain, quite rightly, that RFC821 doesn't require them to do it and that i'm in violation of the protocol by rejecting their e-mail. i usually respond by telling them my fax number. they usually respond by changing their DNS or SMTP configuration to conform to my violations of the protocol. lather, rinse, repeat. somebody told me the other day that we couldn't implement graylisting here because a lot of mail relays wouldn't retry for way too long, or would retry too quickly, or would retry from a different ip address each time, or etc. i said "our fax number is on the web page, so senders will have recourse." spam is fundamentally an exercise in unilateral cost shifting, by advertisers toward eyeballs, with all kinds of middlemen. to cope with this, these costs are going to have to be shifted elsewhere. it would be loverly to shift them back toward advertisers, with fines and lawsuits and lost connectivity and increased transit disconnection/reconnection fees, but that's not working. (compare the u.s. federal anti-spam law with california's to see what i mean.) so, the costs are being shifted toward legitimate e-mail senders. oh well. if somebody can't reach you because they don't know how to thread the needle, then send them your fax number or postal address. getting legitimate e-mail has to become the sender's problem, because receiver costs are too high now. i'm not preaching that this should be so; i'm explaining that it's become so. it's like with chris and sean not being able to disco their spewing endsystems: just because the source-provider or transit-provider doesn't make connectivity less available to these spewers, doesn't mean it won't become less available. all it does is change who does it, and it usually ends up getting done by folks whose tools aren't as sharp as the (source|transit)-provider's. it's a very twisted variation on "you broke it, you bought it."