Don't forget racketeering.
"A person who commits crimes such as extortion, loansharking, bribery, and obstruction of justice in furtherance of illegal business activities."
I think most network operators have learned about the ultra-liberal listing activities of RBLs these days.
-Michael
-- Michael Nicks Network Engineer KanREN e: mtnicks@kanren.net o: +1-785-856-9800 x221 m: +1-913-378-6516
Dean Anderson wrote:
SORBS is a well-known abusive/defamatory blacklist. In the US, that violates a number of state and federal laws:
1. defamation
2. illegal group boycott in violation of antitrust act
3. (usually) unauthorized blocking by ISP in violation of its contract with its customer, which is a violation of the electronic communications privacy act.
4. There are frequently state laws that apply to electronic communications that are even more broad.
You _can_ make the US based ISP not use SORBS. Most ISPs know better, already.
--Dean
See also http://www.iadl.org.
--Dean
On Mon, 7 Aug 2006, Brian Boles wrote:
Can someone from SORBS contact me offlist if they are on here....
On Tue, 8 Aug 2006, Stefan Hegger wrote:
We have the same problem. We are blacklisted and I filled out the webform. I got an email regarding ticket number and account/password to track the ticket. But it seems that nobody is working on it.
There has been extensive discussion on NANAE and NANABl newsgroups on this issue. The bottom line: The SORBS ticket queue is handled by a group of unpaid volunteers, and there is quite a backlog.
That's why there is the automatic de-listing system in place, which requires proper host names and longer time-to-live (TTL) values in rDNS.
Yes, it's a bit of work, but it beats waiting for someone to get around to your ticket.
No, I'm not associated in any way with SORBS, just an interested observer and system administrator who has had to deal with listings myself.
On Tue, 8 Aug 2006, Michael Nicks wrote:
Sad state of affairs when looney people dictate which IPs are "good" and "bad".
On Tue, 8 Aug 2006, S. Ryan wrote:
Even worse if your ISP uses it and demands you ask the 'offender' to get 'themselves' removed.
I think we can sufficiently indict SORBS by saying that they are a poorly managed email blacklist which isn't used by anyone with a clue, without putting on our tinfoil hats. http://www.iadl.org makes some interesting claims, but anyone who puts Paul Vixie in the same list of offenders with Alan Brown and Matt Sullivan is clueless at best. SORBS, SPEWS, etc. are a problem, but they aren't a criminal conspiracy, and claiming that they are isn't going to win any points among people who haven't followed the instructions at http://zapatopi.net/afdb/build.html
Michael Nicks wrote:
Don't forget racketeering.
"A person who commits crimes such as extortion, loansharking, bribery, and obstruction of justice in furtherance of illegal business activities."
I think most network operators have learned about the ultra-liberal listing activities of RBLs these days.
-Michael
Albert Meyer wrote:
I think we can sufficiently indict SORBS by saying that they are a poorly managed email blacklist which isn't used by anyone with a clue, without putting on our tinfoil hats. http://www.iadl.org makes some interesting claims, but anyone who puts Paul Vixie in the same list of offenders with Alan Brown and Matt Sullivan is clueless at best. SORBS, SPEWS, etc. are a problem, but they aren't a criminal conspiracy, and claiming that they are isn't going to win any points among people who haven't followed the instructions at http://zapatopi.net/afdb/build.html
Please parse usage of "you and your" as being generic and not directed at Albert Meyer except insomuch that I am replying to his message, thanks. Correct me if I'm wrong but this thread started because someone acquired from ARIN IP Space which was previously infested with spammers. The person acquiring the IP space sent multiple tickets (which annoys the crap out of every support list I've ever contacted) within the period of "less than a week". CAN-SPAM which is a poorly conceived and almost totally unenforced law allows spammers one week to remove users from their lists, and this person seems to expect instant turnaround from a volunteer organization. It's unfortunate that he got tainted space from a RIR, and further unfortunate that it takes time to process removals, and further unfortunate that he is not capable of reading and following the directions on Matthew's website which clearly describe how to achieve removal from SORBS. Calling unpaid volunteers "clueless" because they don't process removals instantly is in and of itself clueless, especially considering that 1. dozens of people are removed from SORBS daily and 2. this person has failed to follow the stated policies and procedures to be removed from SORBS. SORBS, SPEWS, The AHBL all operate on their own set of rules, it's up to the administrators of the mail servers that use our lists whether or not they agree with our policies. Remember, and this is very important: When blacklisting there is no such thing as a "false positive". You are either blocked or you aren't at the determination of the administrator using our list. Blacklisting is not, nor has it ever been based on whether your message is spam or not. If it helps you, think of it more as wanted and unwanted e-mail. By using SORBS the administrator is stating "I do not want e-mail from people Matthew believes are spammers", and only a clueless person would think to enforce their will on someone else's mail server. 
And yes if you request removal from the AHBL and can't follow the simple removal instructions, you are in my mind and in my list too clueless to contribute e-mail to the public Internet, I therefore don't miss your traffic and have never had one of my users complain that they miss it either.
-- Andrew D Kirch | Abusive Hosts Blocking List | www.ahbl.org Security Admin | Summit Open Source Development Group | www.sosdg.org Key fingerprint = 4106 3338 1F17 1E6F 8FB2 8DFA 1331 7E25 C406 C8D2
Actually I think this thread progressed from someone getting dirty blocks, to complaining about liberal-listing-RBLs (yes SORBS is one), to RBLs defending themselves and their obviously broken practices. We should not have to jump through hoops to satisfy your requirements.
Best Regards,
-Michael
-- Michael Nicks Network Engineer KanREN e: mtnicks@kanren.net o: +1-785-856-9800 x221 m: +1-913-378-6516
Andrew D Kirch wrote:
Albert Meyer wrote:
I think we can sufficiently indict SORBS by saying that they are a poorly managed email blacklist which isn't used by anyone with a clue, without putting on our tinfoil hats. http://www.iadl.org makes some interesting claims, but anyone who puts Paul Vixie in the same list of offenders with Alan Brown and Matt Sullivan is clueless at best. SORBS, SPEWS, etc. are a problem, but they aren't a criminal conspiracy, and claiming that they are isn't going to win any points among people who haven't followed the instructions at http://zapatopi.net/afdb/build.html
Please parse usage of "you and your" as being generic and not directed at Albert Meyer except insomuch that I am replying to his message, thanks. Correct me if I'm wrong but this thread started because someone acquired from ARIN IP Space which was previously infested with spammers. The person acquiring the IP space sent multiple tickets (which annoys the crap out of every support list I've ever contacted) within the period of "less than a week". CAN-SPAM which is a poorly conceived and almost totally unenforced law allows spammers one week to remove users from their lists, and this person seems to expect instant turnaround from a volunteer organization. It's unfortunate that he got tainted space from a RIR, and further unfortunate that it takes time to process removals, and further unfortunate that he is not capable of reading and following the directions on Matthew's website which clearly describe how to achieve removal from SORBS. Calling unpaid volunteers "clueless" because they don't process removals instantly is in and of itself clueless, especially considering that 1. dozens of people are removed from SORBS daily and 2. this person has failed to follow the stated policies and procedures to be removed from SORBS. SORBS, SPEWS, The AHBL all operate on their own set of rules, it's up to the administrators of the mail servers that use our lists whether or not they agree with our policies. Remember, and this is very important: When blacklisting there is no such thing as a "false positive". You are either blocked or you aren't at the determination of the administrator using our list. Blacklisting is not, nor has it ever been based on whether your message is spam or not. If it helps you, think of it more as wanted and unwanted e-mail. By using SORBS the administrator is stating "I do not want e-mail from people Matthew believes are spammers", and only a clueless person would think to enforce their will on someone else's mail server. 
And yes if you request removal from the AHBL and can't follow the simple removal instructions, you are in my mind and in my list too clueless to contribute e-mail to the public Internet, I therefore don't miss your traffic and have never had one of my users complain that they miss it either.
-- Andrew D Kirch | Abusive Hosts Blocking List | www.ahbl.org Security Admin | Summit Open Source Development Group | www.sosdg.org Key fingerprint = 4106 3338 1F17 1E6F 8FB2 8DFA 1331 7E25 C406 C8D2
Michael Nicks wrote:
Actually I think this thread progressed from someone getting dirty blocks, to complaining about liberal-listing-RBLs (yes SORBS is one), to RBLs defending themselves and their obviously broken practices. We should not have to jump through hoops to satisfy your requirements.
Fair enough. End users ought not to have the functionality of email destroyed because originating SP's won't show due diligence in preventing abuse of the network. If you don't like SORBS, don't use it. Don't send email to anybody who does.
-- Requiescas in pace o email Ex turpi causa non oritur actio http://members.cox.net/larrysheldon/
Laurence> End users ought not to have the functionality of email
Laurence> destroyed because originating SP's won't show due
Laurence> diligence in preventing abuse of the network.
This is crisis mongering of the worst sort. Far more damage has been done to the functionality of email by antispam kookery than has ever been done by spammers.
I have one email address that has:
Existed for over a decade.
Been posted all over Usenet and the Web in unmangled form.
Only three letters so it gets spam from the spammers that send copies to every possible short address.
All blacklisting turned off because that was causing too much mail to go into a black hole.
In short it should be one of the worst hit addresses there is. All I have to do to make it manageable is run spamassassin over it. That is the mildest of several measures I could use to fix the "spam problem". If it became truly impossible I could always fall back to requiring an address of the form "apoindex+<password>" and blocking all the ones that don't match the password(s). That would definitely fix the problem and doesn't require any pie in the sky re-architecting of the entire Internet to accomplish.
For almost a decade now I have listened to the antispam kooks say that spam is going to be this vast tidal wave that will engulf us all. Well it hasn't. It doesn't show any sign that it ever will. In the meantime in order to fix something that is at most an annoyance people in some places have instigated draconian measures that make some mail impossible to deliver at all or *even in some cases to know it wasn't delivered*. The antispam kooks are starting to make snail mail look good. It's pathetic.
The functionality of my email is still almost completely intact. The only time it isn't is when some antispam kook somewhere decides he knows better than me what I want to read. Spam is a manageable problem without the self appointed censors. Get over it and move on.
Allan Poindexter wrote:
The functionality of my email is still almost completely intact. The only time it isn't is when some antispam kook somewhere decides he knows better than me what I want to read. Spam is a manageable problem without the self appointed censors. Get over it and move on.
Interesting comment - so would you consider as it is my network, that I should not be allowed to impose these 'draconian' methods and perhaps I shouldn't be allowed to censor traffic to and from my networks? Should you not be allowed to censor my traffic going to your network (if any)? The "self appointed censors" are not self appointed - they produce lists the admins of their own networks choose what traffic to accept or deny, if they choose to accept or deny based on a third party it does not automatically make that person a "self appointed censor".
Regards,
Mat
Matthew> so would you consider as it is my network, that I should
Matthew> not be allowed to impose these 'draconian' methods and
Matthew> perhaps I shouldn't be allowed to censor traffic to and
Matthew> from my networks?
If you want to run a network off in the corner by yourself this is fine. If you have agreed to participate in the Internet you have an obligation to deliver your traffic.
At LISA a couple of years ago a Microsoftie got up at the SPAM symposium and told of an experiment they did where they asked their hotmail users to identify their mail messages as spam or not. He said the users got it wrong some small percentage amount of the time. I was stunned at the arrogance and presumption in that comment. You can't tell from looking at the contents, source, or destination if something is spam because none of these things can tell whether the message was requested or is wanted by the recipient. The recipient is the only person who can determine these things.
There are simple solutions to this. They do work in spite of the moanings of the hand wringers. In the meantime my patience with email "lost" silently due to blacklists, etc. is growing thin.
On Wed, 9 Aug 2006, Allan Poindexter wrote:
moanings of the hand wringers. In the meantime my patience with email "lost" silently due to blacklists, etc. is growing thin.
don't let some third party you have no relation to determine the 'fate' of your email/messages? with all blacklists you run the same risk, someone else now controls the fate of your 'service'. Unless you have some very large hammer to beat them with it's going to cause you pain eventually, when they decide that ${PROVIDER} is 'gone black' or whatever they call it these days... or they just fat finger some entry.
-Chris
So with all this talk of Blacklists... does anyone have any suggestions that would be helpful to curb the onslaught of email, without being an adminidictator?
Right now, the ONLY list we are using is that which is provided through spamcop. They seem to have a list that is dynamic and only blacklists during periods of high reports, then takes them off the list after a short time...
Or am I just a little naive?
Robert Hantson Network Operations Director QBOS, Inc - Dallas Texas www.qbos.com
-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Christopher L. Morrow
Sent: Wednesday, August 09, 2006 10:19 PM
To: nanog@merit.edu
Subject: Re: SORBS Contact
On Wed, 9 Aug 2006, Allan Poindexter wrote:
moanings of the hand wringers. In the meantime my patience with email "lost" silently due to blacklists, etc. is growing thin.
don't let some third party you have no relation to determine the 'fate' of your email/messages? with all blacklists you run the same risk, someone else now controls the fate of your 'service'. Unless you have some very large hammer to beat them with it's going to cause you pain eventually, when they decide that ${PROVIDER} is 'gone black' or whatever they call it these days... or they just fat finger some entry.
-Chris
On Wed, 9 Aug 2006, Robert J. Hantson wrote:
So with all this talk of Blacklists... does anyone have any suggestions that would be helpful to curb the onslaught of email, without being an adminidictator?
Right now, the ONLY list we are using is that which is provided through spamcop. They seem to have a list that is dynamic and only blacklists during periods of high reports, then takes them off the list after a short time...
Or am I just a little naive?
reference comment below about 'hammer to beat with' ... spamcop you aren't paying for that 'service' right? So what happens when someone reports someone you do business with? or messes up a report that affects someone you do business with? "Oops! dropped your email due to a thirdparty we let 'moderate' our email, sorry!" you COULD monitor deliveries to unused addresses in your domain and blacklist based on that... but that's a little dicey at times as well :(
-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Christopher L. Morrow
On Wed, 9 Aug 2006, Allan Poindexter wrote:
moanings of the hand wringers. In the meantime my patience with email "lost" silently due to blacklists, etc. is growing thin.
don't let some third party you have no relation to determine the 'fate' of your email/messages? with all blacklists you run the same risk, someone else now controls the fate of your 'service'. Unless you have some very large hammer to beat them with it's going to cause you pain eventually, when they decide that ${PROVIDER} is 'gone black' or whatever they call it these days... or they just fat finger some entry.
-Chris
On Aug 9, 2006, at 8:29 PM, Robert J. Hantson wrote:
So with all this talk of Blacklists... does anyone have any suggestions that would be helpful to curb the onslaught of email, without being an adminidictator?
Right now, the ONLY list we are using is that which is provided through spamcop. They seem to have a list that is dynamic and only blacklists during periods of high reports, then takes them off the list after a short time...
Or am I just a little naive?
Fairly naive. Spamcop blacklists a lot of IP addresses that send a lot of email that isn't spam. And some that send zero spam, by any sane definition. That doesn't mean to say it doesn't work for you, but don't mistake a list that'll block a mailserver for a week on the basis of one or two unsubstantiated reports as _safe_ solely because it will only block it for a week.
Depending on your demographics SpamCop may have an acceptable false positive level, but it's not a list I advise most users to use as it regularly lists sources of large amounts of non-spam (such as, for example, mailservers used solely for closed-loop opt-in email). Despite that, though, it's quite effective if you're prepared to accept the false positive rate.
You may want to look at the CBL or XBL if you're interested in a very effective IP based blacklist with a very low level of false positives. Not zero, but really pretty low.
Pretty much all the others have levels of false positives that are bad enough that I wouldn't use them myself, though depending on the demographics of your recipients they may be acceptable to you. Using them to block mail to all recipients is likely to be problematic in most cases. Some recipients who choose to use it? Sure. As part of a scoring system? Perhaps. Blocking across all users? Probably a bad idea in most cases.
Cheers,
Steve
On Wed, Aug 09, 2006 at 10:29:52PM -0500, Robert J. Hantson wrote:
So with all this talk of Blacklists... does anyone have any suggestions that would be helpful to curb the onslaught of email, without being an adminidictator?
Yes.
First, run a quality MTA -- that *requires* an open-source MTA that is subject to ongoing, frequent, and strenuous peer review. I recommend one of {postfix, sendmail, exim, courier}. I recommend against qmail.
Second, use the built-in capabilities of that MTA to block SMTP traffic from misbehaving mail servers. Examples:
(1) Use the greet_pause (sendmail) or equivalent feature.
(2) enable checks for forward and reverse DNS existence.
(3) enable checks for HELO/EHLO (only to see if it's a FQDN, not to see if it matches connecting host).
(4) use postgrey (or equivalent) with whitelisting of hosts that are "known" to you.
And so on -- each MTA has a myriad of features that boil down to "reject mail from misbehaving hosts" and those features can be used to reject an awful lot of spam. (Yes, these measures will also occasionally reject mail from hosts which are either running highly broken software or which are badly misconfigured. This is a feature, not a bug, and the onus is on the operators of those hosts to bring them into compliance with Internet standards, both codified and de facto.)
Third, Put in the Spamhaus DROP list on your border routers/firewalls. There is no reason to accept ANY network traffic, nor send any network traffic to, any network on that list. Nothing good can come of it -- for you, that is. Update once a month.
Fourth, use a judicious selection of DNSBLs/RHSBLs (to do outright rejection). I use and recommend:
Spamhaus XBL (which is the XBL+CBL combined zone).
NJABL
DSBL
TQMcube zone: dhcp
SORBS zones: http, socks, misc, smtp, web, zombie, dul
AHBL
I've never had a FP from the first three over many years of use. I've had a handful of scattered FPs from the second three, but each has been quickly addressed by the zone's maintainers -- and about half of those weren't their fault anyway, but they still fixed the problem.
Fifth, if you don't need to accept mail from certain countries: don't. Many people (including me) refuse all mail from Korean and Chinese IP space because *at their site* it's 100.00% spam. TQMcube provides DNSBls for that, as do others. (Conversely, if you happen to be in either of those countries, you may find that 100.00% of your incoming traffic from the US is spam...in which case you should consider blocking all US IP space.)
Sixth, consider a combination of AV/AS measures. One such combination might be ClamAV and SpamAssassin; another might use those two glued together with Amavis-new. But: it's not worth doing this until you've done all the other stuff, because otherwise you will burden these (relatively) computationally-intensive programs with traffic that you could -- and should -- have already rejected near the beginning of the SMTP transaction. If you use SpamAssassin, you can also use various DNSBLs as part of weighted scoring. This is a fallback if you're not comfortable using them to do outright rejection.
Seventh, do not use SMTP callbacks -- they are abusive and readily lend themselves to DDoS attacks. They're also pointless and stupid. Don't bother using DomainKeys/SPF/whatever -- these technologies were failures from the beginning despite grandiose promises ("Spam as a technical problem is solved by SPF"). And do everything possible to make sure you don't emit outscatter (aka backscatter): reject during the SMTP conversation, don't accept-then-bounce.
Eighth, get on the mailing lists that discuss this, like Spam-L, spam-research, spam-tools, spambayes, etc. NANOG really isn't the best place for this conversation.
Finally, and perhaps most importantly: don't be a source of spam or a supporter of it (by providing HTTP, DNS or other services to spammers). Make sure you have a working, unblocked "abuse" address, read it, and act on what you receive there promptly - by immediately and permanently revoking all services that you're providing to spammers. Make sure that you have a TOS/AUP in place that allows you to shut them down without prior notice -- i.e. the only warning they get is the one in the TOS/AUP when they sign it. Add a clause that allows you to confiscate their data/equipment -- this will deter a *lot* of spammers from even trying to sign up with you, which in turn will greatly diminish the risk to your network and the amount of work you may have to do later.
(The only reason any network has persistent/systemic issues with spam (as opposed to sporadic/isolated issues, which can happen to anyone) is that its operators are (1) lazy (2) stupid (3) incompetent (4) greedy. There are no exceptions. There are also no excuses.)
---Rsk
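Added example, not code from any poster in this thread: the connection-time checks listed in the message above (HELO syntax, forward and reverse DNS existence, DNSBL lookups), with the DNSBLs combined by weight so that one list can reject alone while the others only contribute, which is the scoring fallback both that message and the earlier SpamCop reply mention. Zone names, weights, the threshold and all DNS data are constructed placeholders; the resolver is passed in as a function so the code runs offline.

```python
import ipaddress
import re

# Placeholder zones and weights, constructed for this example.
ZONE_WEIGHTS = {
    "exploits.dnsbl.example": 5.0,  # trusted enough to reject on its own
    "reports.dnsbl.example": 2.5,   # report-driven list: only adds to the score
    "dynamic.dnsbl.example": 2.5,   # dynamic address ranges: only adds to the score
}
REJECT_SCORE = 5.0
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def dnsbl_qname(ip, zone):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def lookup(resolver, name):
    """Run a resolver callable; NXDOMAIN and timeouts both become 'no data'."""
    try:
        return resolver(name)
    except LookupError:
        return []


def is_listed(ip, zone, resolve_a):
    """Listed only if an answer falls in 127.0.0.0/8; other answers are ignored."""
    answers = lookup(resolve_a, dnsbl_qname(ip, zone))
    return any(ipaddress.ip_address(a) in LISTED_NET for a in answers)


def helo_is_fqdn(helo):
    """Syntax check only: two or more valid labels, never compared with the peer."""
    labels = helo.rstrip(".").split(".")
    return len(labels) >= 2 and all(LABEL.match(label) for label in labels)


def has_forward_and_reverse(ip, resolve_a, resolve_ptr):
    """Existence check: the IP has a PTR and that name has an A record."""
    return any(lookup(resolve_a, name) for name in lookup(resolve_ptr, ip))


def evaluate(ip, helo, resolve_a, resolve_ptr):
    """Return (verdict, score, reasons); a reject is meant to happen at SMTP time."""
    if not helo_is_fqdn(helo):
        return "reject", 0.0, ["HELO is not an FQDN"]
    if not has_forward_and_reverse(ip, resolve_a, resolve_ptr):
        return "reject", 0.0, ["no forward/reverse DNS"]
    hits = [zone for zone in ZONE_WEIGHTS if is_listed(ip, zone, resolve_a)]
    score = sum((ZONE_WEIGHTS[zone] for zone in hits), 0.0)
    verdict = "reject" if score >= REJECT_SCORE else "accept"
    return verdict, score, hits


# Constructed DNS data standing in for a live resolver (documentation ranges).
A_RECORDS = {
    "mx.sender.example": ["203.0.113.10"],
    "10.113.0.203.exploits.dnsbl.example": ["127.0.0.4"],
    "20.113.0.203.reports.dnsbl.example": ["127.0.0.2"],
    "30.113.0.203.reports.dnsbl.example": ["127.0.0.2"],
    "30.113.0.203.dynamic.dnsbl.example": ["127.0.0.10"],
    # A parked or wildcarded zone answering with an address outside 127/8.
    "40.113.0.203.exploits.dnsbl.example": ["192.0.2.1"],
}
PTR_RECORDS = {ip: ["mx.sender.example"] for ip in
               ("203.0.113.10", "203.0.113.20", "203.0.113.30", "203.0.113.40")}


def fake_a(name):
    """Stub A-record resolver over the constructed data."""
    if name not in A_RECORDS:
        raise LookupError(name)
    return A_RECORDS[name]


def fake_ptr(ip):
    """Stub PTR resolver over the constructed data."""
    if ip not in PTR_RECORDS:
        raise LookupError(ip)
    return PTR_RECORDS[ip]


if __name__ == "__main__":
    for ip in ("203.0.113.10", "203.0.113.20", "203.0.113.30",
               "203.0.113.40", "203.0.113.50"):
        print(ip, evaluate(ip, "mx.sender.example", fake_a, fake_ptr))
    print(evaluate("203.0.113.20", "localhost", fake_a, fake_ptr))
```

The 127.0.0.0/8 test and the fail-open lookup are the two places where a DNSBL that misbehaves or disappears would otherwise turn into silent mail loss on the receiving side.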
On 8/9/06, Allan Poindexter <apoindex@aoc.nrao.edu> wrote:
There are simple solutions to this. They do work in spite of the moanings of the hand wringers. In the meantime my patience with email "lost" silently due to blacklists, etc. is growing thin.
There are simple solutions to this. They do work in spite of the moanings of the few who have been mistakenly blocked. In the meantime my patience with email "lost" in the sea of spam not blocked by blacklists, etc. is growing thin.
-- Todd Vierling <tv@duh.org> <tv@pobox.com> <todd@vierling.name>
Todd> There are simple solutions to this. They do work in spite of
Todd> the moanings of the few who have been mistakenly blocked.
So it is OK so long as we only defame a few people and potentially ruin their lives?
Todd> In the meantime my patience with email "lost" in the sea of
Todd> spam not blocked by blacklists, etc. is growing thin.
Hmm. Let me think a minute. Nope not buying it. I have already given two simple solutions that don't involve potentially dropping job offers, wedding invitations, letters from old sweethearts, and other such irreplaceable email. Certainly it is impossible to guarantee all mail gets delivered. But to intentionally make it worse by deliberately deleting other people's email is arrogant and immoral.
On the other side what do we have for those falsely defamed? I suppose we could psychically contact them to tell them their mail was deleted. Certainly email won't be reliable enough after these guys are done with it.
If they worked for the post office these guys would be in jail.
In the way you describe it any spam filter is bad any spam filter manufacturer should go to jail...
On Wed, 9 Aug 2006, Allan Poindexter wrote:
Todd> There are simple solutions to this. They do work in spite of
Todd> the moanings of the few who have been mistakenly blocked.
So it is OK so long as we only defame a few people and potentially ruin their lives?
Todd> In the meantime my patience with email "lost" in the sea of
Todd> spam not blocked by blacklists, etc. is growing thin.
Hmm. Let me think a minute. Nope not buying it. I have already given two simple solutions that don't involve potentially dropping job offers, wedding invitations, letters from old sweethearts, and other such irreplaceable email. Certainly it is impossible to guarantee all mail gets delivered. But to intentionally make it worse by deliberately deleting other people's email is arrogant and immoral.
On the other side what do we have for those falsely defamed? I suppose we could psychically contact them to tell them their mail was deleted. Certainly email won't be reliable enough after these guys are done with it.
If they worked for the post office these guys would be in jail.
william> In the way you describe it any spam filter is bad any spam
william> filter manufacturer should go to jail...
Manufacturer? No. It is perfectly permissible for a recipient to run a filter over his own mail if he wishes.
Jail? Not what I said. I said postal workers couldn't get away with this behavior. The laws governing email are different. BUT: They aren't as different as is generally believed. Go read the ECPA sometime. Being legal isn't the same thing as being moral. The world would be a better place if people started worrying about doing what is right rather than only avoiding what will get them in jail.
If I seem testy about this it is because I am. A friend of mine with cancer died recently. I learned later she sent me email before she died. It did not reach me because some arrogant fool thought he knew better than me what I wanted to read. And it isn't the first time or the only sender with which I have had this problem. I have had plenty of users with the same complaint as well.
I have in the past considered this antispam stuff "ill advised" or "something I oppose". Expect me to fight it tooth and nail from now on.
On Wed, 9 Aug 2006, Allan Poindexter wrote:
william> In the way you describe it any spam filter is bad any spam
william> filter manufacturer should go to jail...
Manufacturer? No. It is perfectly permissible for a recipient to run a filter over his own mail if he wishes.
An RBL is in fact kind-of like spam filter manufacturer or more precisely RBL operator is like spam filter manufacturer. I've not heard of antispam product manufacturer ever being in court because of spam classification problems with their product; in fact I've not even seen successful case brought against Microsoft and we do all know how much spam comes through because of deficiencies in their product...
In any case I think what you have a problem with is not RBL lists or anti-spam filtering but situation where lists and filters are used without your knowledge and approval by your ISP[*] to filter your mail. My suggestion to you is to either have your own domain and run your own filtering system or to choose an ISP that provides you with capabilities to control their spam filter, for example by way of using SIEVE scripts.
[*] I do want to point out though that if domain is owned by ISP they can decide what rules to set for their users. Any email address you get within that domain is not really "yours" but basically you're "licensed" to use that address as long as you pay your service fees and agree to policies and rules of the ISP (and license is in fact correct term because often enough company would have a trademark on their name and so when you use email address with such a name you need their permission, i.e. a license).
I have in the past considered this antispam stuff "ill advised" or "something I oppose". Expect me to fight it tooth and nail from now on.
You need to understand first who to fight.
-- William Leibzon Elan Networks william@elan.net
On 8/10/06, Allan Poindexter <apoindex@aoc.nrao.edu> wrote:
Todd> There are simple solutions to this. They do work in spite of
Todd> the moanings of the few who have been mistakenly blocked.
So it is OK so long as we only defame a few people and potentially ruin their lives?
That's quite a stretch there, bub. "Defame" means that it is somehow misrepresented as true, factual information. Publicly accessible (and non-mandatory) blacklists are opinions, not portrayed as fact by any stretch of the imagination.
Todd> In the meantime my patience with email "lost" in the sea of
Todd> spam not blocked by blacklists, etc. is growing thin.
Hmm. Let me think a minute. Nope not buying it.
If your inbound mail isn't at least 30% spam (or blocked spam attempts) these days, then you haven't been using the Internet long enough.
I have better things to do than pass that 30% of mail traffic. The spam can FOAD as far as I care, and if there is a problem of a mistake with something improperly blocked, it is fixable (and takes a lot less maintenance time than dealing with the spam tsunami).
Sorry, but those of us who have actually done this sort of thing for a living for a while know quite well why not every network can implement bayes-ish "Report Spam" button schemes (which are inaccurate anyhow, as you've pointed out), nor simply present all actual spam to the users (who would be flooded with well more than 30% in some cases -- there are in-use mailboxes on systems I've managed that would be above 99% spam if the spew weren't blocked at the gate).
It's either lack of industry experience on your part, or you're yet another troll for a "list renter" or bulker -- which is it? Based on earlier statements of yours, I would give you the benefit of the doubt and assume the former. However, you just had to pull out the "defame" word in a completely invalid grammatical and legal context, so I'm starting to hedge bets on the latter.
-- Todd Vierling <tv@duh.org> <tv@pobox.com> <todd@vierling.name>
Allan Poindexter wrote:
Todd> There are simple solutions to this. They do work in spite of Todd> the moanings of the few who have been mistakenly blocked.
So it is OK so long as we only defame a few people and potentially ruin their lives?
Weren't you the person complaining about *others* being alarmist? -- Steve Sobol, Professional Geek ** Java/VB/VC/PHP/Perl ** Linux/*BSD/Windows Apple Valley, California PGP:0xE3AE35ED It's all fun and games until someone starts a bonfire in the living room.
On Aug 9, 2006, at 10:59 PM, Allan Poindexter wrote:
At LISA a couple of years ago a Microsoftie got up at the SPAM symposium and told of an experiment they did where they asked their hotmail users to identify their mail messages as spam or not. He said the users got it wrong some small percentage amount of the time. I was stunned at the arrogance and presumption in that comment. You can't tell from looking at the contents, source, or destination if something is spam because none of these things can tell whether the message was requested or is wanted by the recipient. The recipient is the only person who can determine these things.
I'm gonna hold up the "I call bullshit" card here. Recipients most certainly *can* get it wrong. Things I've seen "reported as spam": - An autoresponse from "abuse@DOMAIN" telling the user that the e- mail they had JUST sent to abuse@DOMAIN had been accepted and was being fed to a human being for processing - Receipts for online purchases the user legitimately made ... and numerous other things just like this that, whether the user wants to call it "spam" or not, certainly is not "spam". So yes, I would have to -- as much as it pains me in my heart of hearts -- agree with the Hotmail representative in your example. Users can and will get it wrong at the very least some small percentage of the time. Cheers, D -- Derek J. Balling Manager of Systems Administration Vassar College 124 Raymond Ave Box 0406 - Computer Center 217 Poughkeepsie, NY 12604 W: (845) 437-7231 C: (845) 249-9731
Derek> I'm gonna hold up the "I call bullshit" card here. Recipients Derek> most certainly *can* get it wrong. Sorry I wasn't very clear. The results in the hotmail example were where the users said it wasn't spam but hotmail insisted it was. It is possible for a user to identify non-spam as spam. But if a user says it isn't spam then it isn't no matter how much it might look like it might be. I have had this happen to me personally. Some of my fellow admins at the time insisted some of my incoming mail was spam. As it happened the mail (offering some telephone products) was specifically requested.
Sorry I wasn't very clear. The results in the hotmail example were where the users said it wasn't spam but hotmail insisted it was. It is possible for a user to identify non-spam as spam. But if a user says it isn't spam then it isn't no matter how much it might look like it might be.
Phishing spam leaps immediately to mind as a counterexample; the fact that the user mistakes it for legit mail is exactly the problem. -- Dave Pooser, ACSA Manager of Information Services Alford Media http://www.alfordmedia.com
On Wed, 9 Aug 2006 23:51:58 -0400 "Derek J. Balling" <deballing@vassar.edu> wrote:
On Aug 9, 2006, at 10:59 PM, Allan Poindexter wrote:
At LISA a couple of years ago a Microsoftie got up at the SPAM symposium and told of an experiment they did where they asked their hotmail users to identify their mail messages as spam or not.
<snip>
The recipient is
the only person who can determine these things.
Sure, but humans aren't perfectly accurate... Early tests with bayesian classifiers, on the false positive rate, tended to indicate that building a classifier with a lower false positive rate than the humans was pretty easy. Certainly my own experience is that I occasionally tag things as junk, or mis-moderate messages to mailing lists. My own false positive rate is probably less than 1%; SpamAssassin's is much lower than that. False negatives, however, are a reason I still have to tag things.
I'm gonna hold up the "I call bullshit" card here. Recipients most certainly *can* get it wrong.
Allan Poindexter wrote:
Matthew> so would you consider as it is my network, that I should Matthew> not be allowed to impose these 'draconian' methods and Matthew> perhaps I shouldn't be allowed to censor traffic to and Matthew> from my networks?
If you want to run a network off in the corner by yourself this is fine. If you have agreed to participate in the Internet you have an obligation to deliver your traffic.
That's a very "interesting" statement. Here's my response, I'll deliver your traffic if it is not abusive if you deliver my non-abusive traffic. My definition of 'abusive' is applied to what I will let cross my border (either direction) - I expect you will want to do the same with the traffic you define as abusive, and I expect you to and support your right to do that.
There are simple solutions to this. They do work in spite of the moanings of the hand wringers. In the meantime my patience with email "lost" silently due to blacklists, etc. is growing thin.
Anyone using SORBS as I have intended and provided (and documented) will/should not silently discard mail. If anyone asks how to silently discard mail I actively and vigorously discourage the practice.* In fact because I disagree with that even in the case of virus infected mail I patched my postfix servers to virus scan inline so virus infected mail can be rejected at the SMTP transaction. RFC2821 is clear when you have issued an ok response to the endofdata command you accept responsibility for the delivery of that message and that should not fail or be lost through trivial or avoidable reasons - I consider virus detection and spam as trivial reasons - if you can't detect a reason for rejection at the SMTP transaction, deliver the mail. Regards, Mat * except in extreme/unusual circumstances - for example, there are 2 email addresses that if they send mail *to* me, they will get routed to /dev/null regardless of content.
Allan Poindexter wrote:
Matthew> so would you consider as it is my network, that I should Matthew> not be allowed to impose these 'draconian' methods and Matthew> perhaps I shouldn't be allowed to censor traffic to and Matthew> from my networks?
If you want to run a network off in the corner by yourself this is fine. If you have agreed to participate in the Internet you have an obligation to deliver your traffic.
In many cases, that is a gross overgeneralization. Do you think anyone really wanted the Slammer worm, or complained when ISP's blocked it? I work for a company that is contractually obligated to NOT carry certain traffic for our clients.
the users got it wrong some small percentage amount of the time. I was stunned at the arrogance and presumption in that comment. You can't tell from looking at the contents, source, or destination if something is spam because none of these things can tell whether the message was requested or is wanted by the recipient. The recipient is the only person who can determine these things.
You're right. But... So what? Perhaps it's because you're seeing things from an academic point of view and not from a business point of view, but your post mentions nothing about contracts. People generally use DNSBLs without any formal agreement as to what they should expect. Without any formal agreement, you really can't talk about "obligations to deliver traffic." In this case, your recourse is to not use the DNSBL. If you're mailing someone who has a DNSBL, you (as the sender) have *no* recourse other than to complain to the DNSBL user. Plus, as I pointed out earlier, some people contract with service providers to prevent certain traffic from getting to their networks (not just spam, either).
There are simple solutions to this. They do work in spite of the moanings of the hand wringers. In the meantime my patience with email "lost" silently due to blacklists, etc. is growing thin.
You're certainly welcome to encourage others not to use blacklists. Just understand that you have no right to complain when they decide to continue using those blacklists. Having said that, do understand that I don't think DNSBL's are a panacea, nor are their operators perfect. But in many cases, they can be a useful tool in the anti-spam arsenal. -- Steve Sobol, Professional Geek ** Java/VB/VC/PHP/Perl ** Linux/*BSD/Windows Apple Valley, California PGP:0xE3AE35ED It's all fun and games until someone starts a bonfire in the living room.
Steve Sobol wrote:
Allan Poindexter wrote:
Matthew> so would you consider as it is my network, that I should Matthew> not be allowed to impose these 'draconian' methods and Matthew> perhaps I shouldn't be allowed to censor traffic to and Matthew> from my networks?
If you want to run a network off in the corner by yourself this is fine. If you have agreed to participate in the Internet you have an obligation to deliver your traffic.
In many cases, that is a gross overgeneralization. Do you think anyone really wanted the Slammer worm, or complained when ISP's blocked it?
I suspect he really means that. The whole game here is maximum dollar for minimum service. I was pretty much chased off of NANOG some years ago because of my undiplomatic insistence that the SP's had an obligation to block evil traffic (which in those would have been an easier matter than it is today). And yes, I didn't handle the diversionary flame wars and ad hominem attacks very well. Don't bother yourself, anybody, with looking them up.
I work for a company that is contractually obligated to NOT carry certain traffic for our clients.
the users got it wrong some small percentage amount of the time. I was stunned at the arrogance and presumption in that comment. You can't tell from looking at the contents, source, or destination if something is spam because none of these things can tell whether the message was requested or is wanted by the recipient. The recipient is the only person who can determine these things.
You're right. But... So what?
Perhaps it's because you're seeing things from an academic point of view and not from a business point of view, but your post mentions nothing about contracts. People generally use DNSBLs without any formal agreement as to what they should expect. Without any formal agreement, you really can't talk about "obligations to deliver traffic." In this case, your recourse is to not use the DNSBL. If you're mailing someone who has a DNSBL, you (as the sender) have *no* recourse other than to complain to the DNSBL user.
Plus, as I pointed out earlier, some people contract with service providers to prevent certain traffic from getting to their networks (not just spam, either).
There are simple solutions to this. They do work in spite of the moanings of the hand wringers. In the meantime my patience with email "lost" silently due to blacklists, etc. is growing thin.
You're certainly welcome to encourage others not to use blacklists. Just understand that you have no right to complain when they decide to continue using those blacklists.
Having said that, do understand that I don't think DNSBL's are a panacea, nor are their operators perfect. But in many cases, they can be a useful tool in the anti-spam arsenal.
-- Requiescas in pace o email Ex turpi causa non oritur actio http://members.cox.net/larrysheldon/
You're certainly welcome to encourage others not to use blacklists. Just understand that you have no right to complain when they decide to continue using those blacklists.
Having said that, do understand that I don't think DNSBL's are a panacea, nor are their operators perfect. But in many cases, they can be a useful tool in the anti-spam arsenal.
Weighing in with an opinion, as bad as blacklists *may be*, at least they let the sender know something's up. Not in an artful way, to be sure, but they give some notice. The sender can do _something_, including dropping his association with the recipient b/c it's not worth his time and trouble. Blackholing email because you think it's spam, OTOH, is pure evil. -- _________________________________________ Nachman Yaakov Ziskind, FSPA, LLM awacs@ziskind.us Attorney and Counselor-at-Law http://ziskind.us Economic Group Pension Services http://egps.com Actuaries and Employee Benefit Consultants
Weighing in with an opinion, as bad as blacklists *may be*, at least they let the sender know something's up. Not in an artful way, to be sure, but they give some notice. The sender can do _something_, including dropping his association with the recipient b/c it's not worth his time and trouble. Blackholing email because you think it's spam, OTOH, is pure evil.
Host type can only be used as a relatively small weighting factor toward blocking connections. However in the absence of any other reputation data on a particular IP, it's a safe way to trigger throttling or rate limiting. IMHO receivers have a right to filter traffic in any way that reduces abuse while serving the needs of their end users. There is a lot of pressure from end users and legitimate email senders to ensure that whatever blocking strategy is in use ensures that the good stuff is not blocked. Regards, Ken -- MailChannels: Reliable Email Delivery (TM) | http://mailchannels.com -- Suite 203, 910 Richards St. Vancouver, BC, V6B 3C1, Canada Direct: +1-604-729-1741
Ken Simpson wrote (on Fri, Aug 11, 2006 at 09:09:33AM -0700):
Weighing in with an opinion, as bad as blacklists *may be*, at least they let the sender know something's up. Not in an artful way, to be sure, but they give some notice. The sender can do _something_, including dropping his association with the recipient b/c it's not worth his time and trouble. Blackholing email because you think it's spam, OTOH, is pure evil.
Host type can only be used as a relatively small weighting factor toward blocking connections. However in the absence of any other reputation data on a particular IP, it's a safe way to trigger throttling or rate limiting.
IMHO receivers have a right to filter traffic in any way that reduces abuse while serving the needs of their end users. There is a lot of pressure from end users and legitimate email senders to ensure that whatever blocking strategy is in use ensures that the good stuff is not blocked.
I agree that IP by itself is of limited usefulness. My main point was that, however you came to your decision ("today I'm not accepting SMTP from hosts with the number nine in their IP"), you should reject mail you don't want, not accept it and toss it. -- _________________________________________ Nachman Yaakov Ziskind, FSPA, LLM awacs@ziskind.us Attorney and Counselor-at-Law http://ziskind.us Economic Group Pension Services http://egps.com Actuaries and Employee Benefit Consultants
On Wed, Aug 09, 2006 at 03:42:32PM -0600, Allan Poindexter wrote:
Far more damage has been done to the functionality of email by antispam kookery than has ever been done by spammers.
That is not even good enough to be wrong. ---Rsk, with apologies to Enrico Fermi
Allan Poindexter wrote:
The functionality of my email is still almost completely intact. The only time it isn't is when some antispam kook somewhere decides he knows better than me what I want to read. Spam is a manageable problem without the self appointed censors. Get over it and move on.
I rather suspect that your spam problem is manageable because other admins are using DNSBLs and are thereby putting pressure on ISPs to boot spammers off their networks. Even a list like SPEWS, which is used by very few people, may motivate ISPs to clean up their network. -- "Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it." - Brian W. Kernighan
hit "D" now, i've been trolled. apoindex@aoc.nrao.edu (Allan Poindexter) writes:
... I have one email address that has:
...
In short it should be one of the worst hit addresses there is. All I have to do to make it manageable is run spamassassin over it.
may the wind always be at your back. my troubles are different than yours, and i hope i can count on your support if i feel compelled to take more drastic measures than you're taking. especially since one of my troubles is about a moral issue having to do with mutual benefit. if an isp's business success depends on them using access granted under an implied mutual benefit covenant and they decide to operate in a sole benefit manner, they can't expect me to continue to accept their traffic or their customer's traffic. simpler put, i won't run spamassassin to figure out what might or might not be spam after i receive it -- i'll just reject everything they send me. just because i think the linux kernel people are insane when they illegalize binary or proprietary kernel modules, doesn't mean i'm ready to live in a world where anyone on the internet can shift their costs to me with impunity. but i respect your right to treat your inbox as you see fit. can you say the same about me and my rights and my inbox, mr. poindexter?
That is the mildest of several measures I could use to fix the "spam problem". If it became truly impossible I could always fall back to requiring an address of the form "apoindex+<password>" and blocking all the ones that don't match the password(s). That would definitely fix the problem and doesn't require any pie in the sky re-architecting of the entire Internet to accomplish.
if you wish to accept those costs, i hope no one opposes you. but i'm not willing to live that way, and i hope you won't try to force me to?
For almost a decade now I have listened to the antispam kooks say that spam is going to be this vast tidal wave that will engulf us all.
that would be me, and it has.
Well it hasn't. It doesn't show any sign that it ever will. In the meantime in order to fix something that is at most an annoyance people in some places have instigated draconian measures that make some mail impossible to deliver at all or *even in some cases to know it wasn't delivered*. The antispam kooks are starting to make snail mail look good. It's pathetic.
that paragraph seems to be semantically equal to "shut up and eat your spam" so i hope i'm misinterpreting you. otherwise, it's your word, "pathetic".
The functionality of my email is still almost completely intact. The only time it isn't is when some antispam kook somewhere decides he knows better than me what I want to read. Spam is a manageable problem without the self appointed censors. Get over it and move on.
damn. i've been trolled. sorry everybody. -- Paul Vixie
On Wed, 9 Aug 2006, Michael Nicks wrote:
themselves and their obviously broken practices. We should not have to jump through hoops to satisfy your requirements.
We were hit by the requirement to include the word "static" in our DNS names to satisfy requirements. It wasn't enough to just say "this /17 is only static IPs, one customer, one IP, no dhcp or other dynamics at all), we actually had to change all PTR records to this arbitrary "standard". Took several weeks to get delisted even after that. -- Mikael Abrahamsson email: swmike@swm.pp.se
Doesn't really surprise me to be frankly honest. :) The way their requirements are structured, they remind me a lot of a state agency. Best Regards, -Michael -- Michael Nicks Network Engineer KanREN e: mtnicks@kanren.net o: +1-785-856-9800 x221 m: +1-913-378-6516 Mikael Abrahamsson wrote:
On Wed, 9 Aug 2006, Michael Nicks wrote:
themselves and their obviously broken practices. We should not have to jump through hoops to satisfy your requirements.
We were hit by the requirement to include the word "static" in our DNS names to satisfy requirements. It wasn't enough to just say "this /17 is only static IPs, one customer, one IP, no dhcp or other dynamics at all), we actually had to change all PTR records to this arbitrary "standard".
Took several weeks to get delisted even after that.
On Wed, 9 Aug 2006, Mikael Abrahamsson wrote:
On Wed, 9 Aug 2006, Michael Nicks wrote:
themselves and their obviously broken practices. We should not have to jump through hoops to satisfy your requirements.
We were hit by the requirement to include the word "static" in our DNS names to satisfy requirements. It wasn't enough to just say "this /17 is only static IPs, one customer, one IP, no dhcp or other dynamics at all), we actually had to change all PTR records to this arbitrary "standard".
Would people support if there was a defined and standardized way that providers can specify if the system with this ip address does or does not send email? There are several proposals for this but so far ISPs have not shown sufficient interest in implementing any one - if number of ISPs agree to enter some records and it catches on then the need for 3rd party maintained lists of dynamic ip addresses would go away. --- Of course the root cause for all these still remains that certain OS vendor makes (and continues to) bad security design choices and this results in users of their system getting infected and being used as spam zombies. Combined with that is that many ISPs don't maintain good enough policies to shutdown infected users quickly or block their accounts from access to SMTP on per-user basis. Last is sometimes due to low margins and ISPs trying to cut cost and it is affecting abuse department - which is basically the one part of the company that not only does not make any money but causes it to lose some business... -- William Leibzon Elan Networks william@elan.net
On 8/9/06, william(at)elan.net <william@elan.net> wrote:
---
Of course the root cause for all these still remains that certain OS vendor makes (and continues to) bad security design choices and this results in users of their system getting infected and being used as spam zombies. Combined with that is that many ISPs don't maintain good enough policies to shutdown infected users quickly or block their accounts from access to SMTP on per-user basis. Last is sometimes due to low margins and ISPs trying to cut cost and it is affecting abuse department - which is basically the one part of the company that not only does not make any money but causes it to lose some business...
That (blocking SMTP) could become illegal is some proposed "net neutrality" legislation is passed. <I apologize in advance for stoking the flames>
On Thu, 2006-08-10 at 07:39, Aaron Glenn wrote:
That (blocking SMTP) could become illegal is some proposed "net neutrality" legislation is passed.
hahaha try enforcing that in other countries also, most networks are private (not state run) therefore we have the right to say yes/no what data enters our own network, because unless a contract (payment) exists for the senders ISP to receivers ISP to accept data off them, the senders ISP can be told to go to hell :)
<I apologize in advance for stoking the flames>
On 8/9/06, Noel <noel.butler@ausics.net> wrote:
On Thu, 2006-08-10 at 07:39, Aaron Glenn wrote:
That (blocking SMTP) could become illegal is some proposed "net neutrality" legislation is passed.
Man, I really butchered that one. I look so much smarter when I don't post on NANOG...
hahaha try enforcing that in other countries
That has never stopped the US from making terrible policy (-:
also, most networks are private (not state run) therefore we have the right to say yes/no what data enters our own network, because unless a contract (payment) exists for the senders ISP to receivers ISP to accept data off them, the senders ISP can be told to go to hell :)
We're talking about owned Windows boxes on consumer/retail access networks (cable/dsl/whathaveyou).
On Thu, 2006-08-10 at 06:49, Mikael Abrahamsson wrote:
We were hit by the requirement to include the word "static" in our DNS names to satisfy requirements. It wasn't enough to just say "this /17 is only static IPs, one customer, one IP, no dhcp or other dynamics at all), we actually had to change all PTR records to this arbitrary "standard".
Took several weeks to get delisted even after that.
We've had our moments with SORBS, Matthew is a very approachable person. Things get sorted out pretty quickly, generally within a few days, Matthew also has others who help him and one of them is an obnoxious ####. I do agree though, the requirement to have X TTL and 'static' or non 'dsl' 'dial' in DNS is a bit too far, I understand this is for automation, its the only part of SORBS i disagree with, that said we still use them, as do many large carriers in this country, because the use of RBL's is for one reason, to STOP the wanker, and SORBS along with spamcop and spamhaus and njabl go a very long way to prevent peoples privacy being invaded by those vernom
Noel wrote:
On Thu, 2006-08-10 at 06:49, Mikael Abrahamsson wrote:
We were hit by the requirement to include the word "static" in our DNS names to satisfy requirements. It wasn't enough to just say "this /17 is only static IPs, one customer, one IP, no dhcp or other dynamics at all), we actually had to change all PTR records to this arbitrary "standard".
Took several weeks to get delisted even after that.
We've had our moments with SORBS, Matthew is a very approachable person. Things get sorted out pretty quickly, generally within a few days, Matthew also has others who help him and one of them is an obnoxious ####.
I'd love to know which one... I have had several (had being the operative word) and from time to time some still are.
I do agree though, the requirement to have X TTL and 'static' or non 'dsl' 'dial' in DNS is a bit too far, I understand this is for automation,
It is for automation, but it is also so that the SORBS DUHL would become pointless. If a standard format was used admins would be able to choose their policy by simple regexs instead of relying on third-party lists which cannot possibly ever be 'uptodate' just because of the number of changes that happen on a daily basis around the world. This is also why I took the time to create: http://www.ietf.org/internet-drafts/draft-msullivan-dnsop-generic-naming-sch... There are things in the works that will enable the most complained about aspects of SORBS to be fixed and to go away permanently... The only thing that is delaying it is developer time... So I will say this publicly - those that want to see drastic changes @ SORBS that are, or have access to a perl coder with SQL knowledge, and is able to spend 20-40 hours of pure coding time writing a user interface for user permissions & roles in Perl contact me off list as the user interface is the only thing that is holding up moving to the beta stage of the SORBS2 database. The SORBS2 database will allow registered RIR contacts to update list/delist parts/all of their netblocks within SORBS as well as getting instant reporting of issues (by mail or by SMS (fee applicable for SMS)) with minimal intervention from SORBS admins - this includes spam and DUHL listings. Regards, Mat
On 10 Aug 2006, at 00:06, Matthew Sullivan wrote:
[...] This is also why I took the time to create:
http://www.ietf.org/internet-drafts/draft-msullivan-dnsop-generic-naming-schemes-00.txt
Why is this information being encoded into the regular PTR records that already have another purpose, thus reducing its usefulness? It seems the only purpose is as a bandaid over dumb SORBS policy. Create a new SPF-like record if you want *additional* information in DNS. Don't clobber an existing service.
There are things in the works that will enable the most complained about aspects of SORBS to be fixed and to go away permanently... The only thing that is delaying it is developer time... So I will say this publicly - those that want to see drastic changes @ SORBS that are, or have access to a perl coder with SQL knowledge, and is able to spend 20-40 hours of pure coding time writing a user interface for user permissions & roles in Perl contact me off list as the user interface is the only thing that is holding up moving to the beta stage of the SORBS2 database.
I have the skills and time, but zero inclination to support SORBS. In fact, I think I'll hack my mostly-default SpamAssassin configuration to ignore SORBS. Grepping mailboxes for the SA tag suggests that SORBS makes no difference in detecting spam, and it tags a number of legitimate correspondents, including, it appears, Spamcop at 204.15.82.27. (I'm going by the tags SA added to the message since I can't get past the CAPTCHA on your website to query that address.) Blacklisting competitors is a low and dirty trick.
Michael Nicks wrote:
Actually I think this thread progressed from someone getting dirty blocks, to complaining about liberal-listing-RBLs (yes SORBS is one), to RBLs defending themselves and their obviously broken practices. We should not have to jump through hoops to satisfy your requirements.
Best Regards, -Michael
Again please parse "you" and "your" as being generic and not targeted at Michael, this is merely a reply. (except in the first series of interrogatories, nor do I have any evidence that Michael is currently or has ever hosted anyone who has caused a listing in the AHBL) So, we shouldn't enforce _our_ policies on _our_ sites, that _our_ users agree with and assume that we follow because it's inconvenient for _you_? Assuming that I follow the rules that I have established, and published for review for the running of my list, how are my practices broken? Can I not conceivably list anyone who falls afoul of my listing policies at any time? Why should I, someone with years of experience running, maintaining and defending a DNSBL listen to you who lacks such experience (to my knowledge) as to how to run my list? Why should I, with the above mentioned points of experience listen to you as to how to run my list when your advice is in conflict with the policies that my list abides by, and that my users expect and trust that I follow? Should I also listen to your thoughts on routing protocols so as to ensure you are not required to "jump through hoops"? Perhaps I should consult with you in designing my web site for similar reasons? Maybe I should have you review my security so that my network is not overly burdensome to you? Or, maybe I should show up at your facilities and start ripping out patch cables and torching servers and equipment used to provide service to people who fall afoul of my listing policies. I really don't think that you'd appreciate that. Therefore your statement that you should not have to "jump through hoops" is unsupportable. And believe me when I say this, there's a long list of people on the Internet that I consider to be idiots, and a large local deny file on my mailservers for entities I don't like, or don't want mail from that never make it into the AHBL.
I, and Matthew (to my knowledge) do not bend the rules simply because it's convenient, or because the idiot deserved it. On the front page of the AHBL's website is a link in size 4 bold font. "If you were told to come here to get removed from our list, please see this page." If you are for some reason incapable of figuring out how to follow the link, navigating your way to the lookup page in the subsequent instructions, and then determining and entering your IP address; then why are you running a mail server in the first place? Also on our site is our policies which every volunteer with access to the AHBL has read and agreed to follow. We also monitor raw incoming submissions to ensure the volunteers DO follow them. So feel free to read our policies, and if you like them, feel free to use our list if it suits your needs. If it does not, please feel free to direct your opinions to the bitbucket unless you want to come to me with both a problem and a rational solution, instead of bitching about how I do volunteer work. Andrew
Actually there can be false positive. ISP's who put address blocks into "dialup" blocks which have the qualification that the ISP is also supposed to only do it if they *don't* allow email from the block but the ISP's policy explicitly allows email to be sent. They have a default port 25 filter that will be turned off on request. i.e. they allow direct out going email on request. The said ISP *thinks* they are doing the right thing by listing the block when in reality they are lying by listing the block. Mark
Mark Andrews wrote:
Actually there can be false positives. ISPs who put address blocks into "dialup" blocks which have the qualification that the ISP is also supposed to only do it if they *don't* allow email from the block but the ISP's policy explicitly allows email to be sent.
Actually that's debatable - the SORBS DUHL is about IPs assigned to hosts/people/machines dynamically. We do not list addresses where the ISP has sent the list explicitly saying 'these are static hosts, but they are not allowed to send mail' - similarly we do list hosts in the DUHL where the ISP has said 'these are dynamic but we allow them to send mail' - it's about the people using the SORBS DUHL for their purposes, not for helping ISPs getting around the issue of whether to use SORBS as a replacement to port 25 blocking.
Regards,
Mat
Mark Andrews wrote:
Actually there can be false positives. ISPs who put address blocks into "dialup" blocks which have the qualification that the ISP is also supposed to only do it if they *don't* allow email from the block but the ISP's policy explicitly allows email to be sent.
Actually that's debatable - the SORBS DUHL is about IPs assigned to hosts/people/machines dynamically. We do not list addresses where the ISP has sent the list explicitly saying 'these are static hosts, but they are not allowed to send mail' - similarly we do list hosts in the DUHL where the ISP has said 'these are dynamic but we allow them to send mail' - it's about the people using the SORBS DUHL for their purposes, not for helping ISPs getting around the issue of whether to use SORBS as a replacement to port 25 blocking.
I wasn't thinking about SORBS. It was a general warning to only put blocks on lists where the usage matches the policy of the list. I was thinking about an Australian cable provider that doesn't do the right thing. I'm sure there will be other ISPs that also fail to check the list policy before nominating the address blocks for the lists. In reality there shouldn't be the need for dialup lists. Also most people don't really use the "dialup" lists correctly. They really should not be an absolute blocker. They should also turn off "dialup" pattern matching tests otherwise you are getting a double penalty for the same thing.
Mark
Regards,
Mat
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742
INTERNET: Mark_Andrews@isc.org
Mark Andrews wrote:
I wasn't thinking about SORBS. It was a general warning to only put blocks on lists where the usage matches the policy of the list.
Ah my apologies I misinterpreted.
I was thinking about an Australian cable provider that doesn't do the right thing. I'm sure there will be other ISPs that also fail to check the list policy before nominating the address blocks for the lists.
In reality there shouldn't be the need for dialup lists.
You'll get nothing but agreement from me on that statement. There currently is a need for the list, however there *shouldn't* be any need for it.
Regards,
Mat
There is one very key point to make in this: use of *any* RBL is up to individual networks, no one makes anyone use them, and those that do must know and accept all risks involved when dealing with DULs. SORBS operates a zone 'just for vernom' as well, just like spamcop and njabl and others, but if a network like many I can name wants to use the full coverage, that is up to us, we know the risks and believe it does more good. EVERYTHING will have collateral damage and we know and accept that.
On Thu, 2006-08-10 at 09:59, Matthew Sullivan wrote:
Actually that's debatable - the SORBS DUHL is about IPs assigned to hosts/people/machines dynamically. We do not list addresses where the ISP has sent the list explicitly saying 'these are static hosts, but they are not allowed to send mail' - similarly we do list hosts in the DUHL where the ISP has said 'these are dynamic but we allow them to send mail' - it's about the people using the SORBS DUHL for their purposes, not for helping ISPs getting around the issue of whether to use SORBS as a replacement to port 25 blocking.
Regards,
Mat
Matthew Sullivan wrote:
Mark Andrews wrote:
Actually there can be false positives. ISPs who put address blocks into "dialup" blocks which have the qualification that the ISP is also supposed to only do it if they *don't* allow email from the block but the ISP's policy explicitly allows email to be sent.
Actually that's debatable - the SORBS DUHL is about IPs assigned to hosts/people/machines dynamically. We do not list addresses where the ISP has sent the list explicitly saying 'these are static hosts, but they are not allowed to send mail' - similarly we do list hosts in the DUHL where the ISP has said 'these are dynamic but we allow them to send mail' - it's about the people using the SORBS DUHL for their purposes, not for helping ISPs getting around the issue of whether to use SORBS as a replacement to port 25 blocking.
Regards,
Mat
This point in the thread seems as good as any to toss my two cents in.
Matthew, I use your list. I am very appreciative of the efforts you expend on it since those translate directly into less effort expended on my part. You have my vote. Keep up the good things that you do. This goes as well to the other DNSBLs, such as AHBL operators. I have had no real issues removing systems that wandered "accidentally" into SORBS.
For those who can't tolerate any "false positives" from DNSBLs, I recommend that the whitelisting procedure be as easy as the blacklisting procedure -- that means running a DNSWL. Make it as easy as moving email from one IMAP folder to another to process whitelisting. Include instructions in your SMTP errors. Educate your support staff.
Joe
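An added illustration, not part of any message in this thread and not any list operator's code: a receiving-side policy that follows Mark Andrews's advice (a dialup listing adds score instead of blocking outright, and the rDNS pattern test is skipped once a dialup list has matched) and Joe Maimon's (a DNSWL entry overrides, and the SMTP error carries instructions). The zone names, weights, threshold and contact address are constructed assumptions, and an in-memory set stands in for DNS answers.

```python
import ipaddress
import re

# Constructed sample data: zones, weights and listings are assumptions.
DNSBL_ZONES = {"dul.dnsbl.example": ("dialup", 2.0),
               "spam.dnsbl.example": ("spam", 6.0)}
DNSWL_ZONE = "wl.example"
LISTED = {  # stands in for "this name returned an A record"
    "10.2.0.192.dul.dnsbl.example",
    "77.100.51.198.spam.dnsbl.example",
    "20.2.0.192.dul.dnsbl.example",
    "20.2.0.192.wl.example",
}
DYNAMIC_RDNS = re.compile(r"(dsl|dial|dyn|cable|pool)[-.\d]", re.I)
REJECT_AT = 5.0  # a dialup hit alone (2.0) never reaches this

def query_name(ip, zone):
    """DNSBL/DNSWL convention: reversed IPv4 octets prepended to the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def evaluate(ip, rdns, lookup=LISTED.__contains__):
    """Return (smtp_code, text, score) for a connecting client."""
    # Whitelist first, so a local exception beats any listing.
    if lookup(query_name(ip, DNSWL_ZONE)):
        return 250, "whitelisted", 0.0
    score, kinds = 0.0, set()
    for zone, (kind, weight) in DNSBL_ZONES.items():
        if lookup(query_name(ip, zone)):
            score += weight
            kinds.add(kind)
    # Skip the hostname pattern test when a dialup list already matched,
    # otherwise the same property is penalised twice.
    if "dialup" not in kinds and DYNAMIC_RDNS.search(rdns or ""):
        score += 2.0
        kinds.add("dialup-rdns")
    if score >= REJECT_AT:
        text = (f"5.7.1 {ip} rejected ({', '.join(sorted(kinds))}); "
                "to be whitelisted write to postmaster@mx.example")
        return 550, text, score
    return 250, "accepted", score
```

In production the `lookup` argument would be replaced by a resolver call that returns true when the query name has an A record.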
participants (26)
- Aaron Glenn
- Albert Meyer
- Allan Poindexter
- Andrew D Kirch
- Christopher L. Morrow
- Dave Pooser
- Derek J. Balling
- Joe Maimon
- Joel Jaeggli
- Ken Simpson
- Laurence F. Sheldon, Jr.
- Mark Andrews
- Matthew Sullivan
- Michael Nicks
- Mikael Abrahamsson
- Nachman Yaakov Ziskind
- Noel
- Paul Vixie
- Peter Corlett
- Rich Kulawiec
- Rik van Riel
- Robert J. Hantson
- Steve Atkins
- Steve Sobol
- Todd Vierling
- william(at)elan.net