Is anyone else out there aware that the UCEProtect Level 3 email blacklist blocks entire AS? r
Yes. Is that a problem? -----Original Message----- From: Raleigh Apple [mailto:rapple@rapidlink.com] Sent: Thursday, May 07, 2009 1:34 PM To: nanog@nanog.org Subject: UCEProtect Level 3 Is anyone else out there aware that the UCEProtect Level 3 email blacklist blocks entire AS? r
On Thu, 7 May 2009 13:43:14 -0500 "Aaron Wendel" <aaron@wholesaleinternet.net> wrote:
Yes. Is that a problem?
It is. I understand what they are trying to do but we were cut off from some places because someone else in the huge upstream we are with did something that appeared to be spam. It's too broad of a brush. -- D'Arcy J.M. Cain <darcy@druid.net> | Democracy is three wolves http://www.druid.net/darcy/ | and a sheep voting on +1 416 425 1212 (DoD#0082) (eNTP) | what's for dinner.
On May 7, 2009, at 4:10 PM, D'Arcy J.M. Cain wrote:
It is. I understand what they are trying to do but we were cut off from some places because someone else in the huge upstream we are with did something that appeared to be spam. It's too broad of a brush.
Indeed. That is the sort of vigilantism that leads to filtering chaos. What happens when other ASNs start filtering the entire AS of UCEProtect's upstream(s) as a response? -Matt
On Thu, May 7, 2009 at 3:10 PM, D'Arcy J.M. Cain <darcy@druid.net> wrote:
It is. I understand what they are trying to do but we were cut off from some places because someone else in the huge upstream we are with did something that appeared to be spam. It's too broad of a brush.
It's not the tool or list itself, but the horrible manner in which someone chose to use the list. Those places who chose to perform cut offs blindly based on the listing are responsible, and have their own users to answer to.. The UceProtect L3 website displays a very prominent admission of guilt (they are open about their listing criteria): "This blacklist has been created for HARDLINERS. It can, and probably will cause collateral damage to innocent users when used to block email." So there should be little ignorance on the matter by users. The value of the list is heuristic, for scoring, e.g. SpamAssassin score, and use of the list should be combined with an informed decision, before blocking mail from a sender based on it. Under those conditions, lists like that can be quite useful. If you try hard enough, you can find virus scanners that identify clean system-critical files as possible malware, and firewalls that identify normal surfers as evil hackers... If you have that software and didn't do the research, that's your problem. If you have that software and set it to automatically delete files, or if you have the overzealous firewall and you wrote a script to IPban based on firewall log, the firewall is not responsible for _that_ problem. The list/tool provider is only an accomplice, to the extent that they misinform you, or encourage you to use the list/tool in a poor way given the tool's limitations.... -- -J
James Hess wrote:
It's not the tool or list itself, but the horrible manner in which someone chose to use the list.
Exactly. We can't be responsible for what our users are doing.
Those places who chose to perform cut offs blindly based on the listing are responsible, and have their own users to answer to.. The UceProtect L3 website displays a very prominent admission of guilt (they are open about their listing criteria):
"This blacklist has been created for HARDLINERS. It can, and probably will cause collateral damage to innocent users when used to block email."
So there should be little ignorance on the matter by users. The value of the list is heuristic, for scoring, e.g. SpamAssassin score, and use of the list should be combined with an informed decision, before blocking mail from a sender based on it. Under those conditions, lists like that can be quite useful.
I will give you some more examples how it can be very useful: You can use it to block emails from systems with no PTR or Generic PTR's. You can use it to block emails from systems having non FQDN HELO/EHLO You can use it to block emails from systems which are also listed in very aggressive point blocklists (Single IP blocklists). You can use it to do excessive greylistings (i recommend at least 2 hours) to find out if the system will show up on other blocklists in the meantime. As you can see the only limit is your imagination. --- Claus von Wolfhausen Technical Director UCEPROTECT-Network http://www.uceprotect.net
Raleigh Apple wrote:
Is anyone else out there aware that the UCEProtect Level 3 email blacklist blocks entire AS?
Anyone who reads their description of it would be: http://www.uceprotect.net/en/index.php?m=3&s=5 Are you one of the ASes they blacklist on that list?
-----Original Message----- From: Seth Mattinen [mailto:sethm@rollernet.us] Sent: Thursday, May 07, 2009 11:44 AM To: nanog@nanog.org Subject: Re: UCEProtect Level 3
Raleigh Apple wrote:
Is anyone else out there aware that the UCEProtect Level 3 email blacklist blocks entire AS?
We stopped using UCEProtect in most places recently after using for I think a year or two -- Level 2 was blacklisting giant-sized netblocks (ie, most Cablevision cablemodem IP Space, twice, as well as large chunks of AboveNet space, and that's just what I noticed). ----- Original Message ----- From: "Raleigh Apple" <rapple@rapidlink.com> To: nanog@nanog.org Sent: Thursday, May 7, 2009 2:34:01 PM GMT -05:00 US/Canada Eastern Subject: UCEProtect Level 3 Is anyone else out there aware that the UCEProtect Level 3 email blacklist blocks entire AS? r
On Fri, May 8, 2009 at 12:04 AM, Raleigh Apple <rapple@rapidlink.com> wrote:
Is anyone else out there aware that the UCEProtect Level 3 email blacklist blocks entire AS?
Is there anyone out there aware of any significant (or larger than 'man and his dog on a DSL') mail provider using UCEPROTECT? -- Suresh Ramasubramanian (ops.lists@gmail.com)
Suresh Ramasubramanian wrote:
On Fri, May 8, 2009 at 12:04 AM, Raleigh Apple <rapple@rapidlink.com> wrote:
Is anyone else out there aware that the UCEProtect Level 3 email blacklist blocks entire AS?
Is there anyone out there aware of any significant (or larger than 'man and his dog on a DSL') mail provider using UCEPROTECT?
dnsbl-1.uceprotect.net and dnsbl-2.uceprotect.net work good with SpamAssassin (scoring system). http://stats.dnsbl.com/ keeps some ham/spam stats on various lists. ymmv. Problems arise when 'admin' gets hands on inexpensive anti-spam appliance that makes enabling blacklists a checkbox on a web form with little or no documentation about each list. Ken -- Ken Anderson Pacific Internet - http://www.pacific.net
participants (12)
-
Aaron Wendel
-
Claus v. Wolfhausen
-
Colin Alston
-
D'Arcy J.M. Cain
-
James Hess
-
Jeffrey Meltzer
-
Ken A
-
Matt Liotta
-
Raleigh Apple
-
Seth Mattinen
-
Suresh Ramasubramanian
-
Tomas L. Byrnes