From: David Schwartz [mailto:davids@webmaster.com] Sent: Wednesday, May 23, 2001 7:10 PM
Roeland Meyer wrote:
I don't need to check because I have a piece of confirmed spam from them. A smoking gun. That's the way MAPS RBL has been working for years. That is the way I expect it to continue to work. The main reason that I posted to this thread is that some of the posts lead me to believe otherwise. They were confused.
I think you're missing the big picture. If you receive a single piece of spam from a site, that's not automatically grounds to block the site. That's a recipe for maximizing collateral damage.
So the receipt of a spam from a site is the beginning of the process, not the end.
Actually, I simplified the process. I agree with you 100% here. I don't have the time for such an investigation therefore I use MAPS RBL.
Absolutely. Probe the machine that is of concern, not whole blocks randomly.
Also, only block the proven spam-host. No one else.
That's a more complex judgment. In most cases, I agree that this is appropriate, but I can think of (and have personally witnessed) more extreme circumstances. I've seen ISPs who say, "no, we like to spam and we will spam in the future". In those extreme cases, I'll block their entire address space from reaching my mail servers until their policy changes.
Another reason to use MAPS RBL.
No, its open-relay status is not irrelevant. If you know a site is an open relay, however you know this, and you want to block open relays (which I do) and it's my right to block open relays, then I will block them. How I find out they're an open relay is another story. The usual way is you probe a site when it becomes an actual problem.
I submit that if you have a piece of spam, from a site, and are blocking them, why do you need to probe them?
Well, if you're blocking them because they're an open relay and they say they've fixed the problem, it's certainly reasonable to probe them to decide whether you should begin allowing mail from them. Or do you think it's better to block them indefinitely just so that you don't 'trespass' by probing them?
I'm actually not advocating blocking all open relays. I am advocating blocking all spammers, whether they have open relays or not. There are actually open relays that a spammer can never use, because the open relay site uses MAPS RBL. They are collateral damage, with ORBS. Show me how such a site can be used by a MAPS RBL'd spammer. BTW, yet another reason to use MAPS RBL.
3) Do you think it's unreasonable to block known open relays as a protection against future spam?
Absolutely not. Our entire Norte Americano culture is biased AGAINST a priori restrictions.
The following is a real good example of why I don't like argument by analogy. Your analogy is broken. Let's deal with the issue directly. We actually seem to be on the same side here or not very far apart.
Nonsense! This argument would say that you should allow children to bring guns into school provided they haven't yet shot them. Our culture is biased against a priori restrictions upon speech imposed by the government, but there is nothing inherently bad about a priori restrictions.
You DO NOT spank someone for something that they have NOT, in fact, done. It's called prior restraint and there is a reason that it is considered unjust. It violates the PURE WAR ethos. There is no excuse for collateral damage. Innocents should not be involved, period. This is important because we DO have the technology to wage the PURE WAR and are ethically compelled to use it.
I'm actually not advocating blocking all open relays. I am advocating blocking all spammers, whether they have open relays or not. There are actually open relays that a spammer can never use, because the open relay site uses MAPS RBL. They are collateral damage, with ORBS. Show me how such a site can be used by a MAPS RBL'd spammer. BTW, yet another reason to use MAPS RBL.
That's about the only thing you said that I don't agree with. Use of the MAPS RBL does not make an open relay any less prone to abuse. Use of the MAPS DUL will make an open relay less prone to abuse; however, there are many dial up accounts that are not in the DUL. Nothing stops a spammer from hopping between these dial up accounts. If you say, "well, those dial up accounts should be in the DUL", I'll partially agree with you. But the DUL is largely opt-in. If the provider doesn't want to opt in, then it's the open relay that's the problem. If you say, "well those dial up accounts should be in the RBL", then I won't agree with you. Let's not forget that the RBL is a blackhole list. It's unreasonable to blackhole provider A because his customers are using someone else's open relay. This is especially the case if the open relay makes it any harder to track the actual origin of the spam (say by not putting the source port in the forwarded email). It won't help much if provider A has a good anti-spam policy if someone else is enabling his customers to spam.
I am firmly convinced that an open mail relay is a hazard to the community at large. I don't wish to receive email from them, whether or not they've yet been used to forward spam. While this does cause some collateral damage, I submit that it's the unavoidable type of collateral damage. In practice, the only ethical way to discover an open relay is for it to be used to forward a spam, so in practice there's no distinction.
In fact, I would not have really minded if ORBS had continued their practice of probing for open relays. I personally didn't feel that it was ethical, but I don't believe it itself caused any major problems. My break with ORBS occurred when they started listing sites that were not confirmed open relays. If ORBS was still a list of only confirmed open mail relays, I'd probably filter on it right now.
(While ethically opposed to the way the data was gathered, I don't see any ethical problem with using it. Much like some data that was collected by Nazi medical 'experiments'. While I certainly don't condone the experiments, the means with which the evidence was gathered isn't grounds to dismiss the evidence.)
I think we've both made our positions clear, so I'm going to stop this thread unless you say something unbelievably radical.
DS