Earl Hood <[EMAIL PROTECTED]> writes:

> (My last word due to Jeff's hint about terminating the thread)

(Ditto.  I will restrict my comments to technical issues.)

> On ideological grounds, I have problems with this.  Filtering can be
> done, but auto-deletion must not be done w/o user's consent.
> Regardless, the load is still there since the problem of actually
> receiving the spam at the ISP end-point is still present.

Using a blocklist, the message gets rejected at the SMTP layer and the
originating MTA will generate a bounce.  So a legitimate user whose
mail is blocked will always get a bounce message and no data will be
lost.

By rejecting at the SMTP stage before reading the message body, the
receiving MTA substantially reduces the load of handling the message.

> But taken to its ultimate conclusion, block lists become too
> "powerful" with a danger of severe abuse.  I.e.  Initially the lists
> are run as rigid and as disciplined as possible, but as a few key
> lists become the main players, their maintenance, and who is, and
> not in, the list will get politicized.

Some blocklists (ordb.org, list.dsbl.org) have completely mechanical
and automated listing and delisting procedures.  These are about as
apolitical as you can get.  If/when they change those policies, you
can always stop using them.

Others (like the SBL) are political by their nature, meaning the
question is whether you can trust them.  In the case of the SBL, I do;
for most blocklists, I do not.

> For example, you did not address my questions of how one can
> actually determine reliably what are "dynamic IP ranges" and that
> such "ranges" are *always* sources of spam.

I was going to suggest reading <http://dynablock.easynet.nl/>, which
until two days ago had their policy for identifying dynamic ranges
clearly spelled out.  But now...  Oh, dear.

> What statistical studies exist that show how much spam actually
> originates from such "ranges"?

dynablock.easynet.nl has been blocking about 30% of all inbound mail
where I work (a few hundred messages per day).  We have never had any
complaints about a legitimate message being blocked.

For my favorite blocklist resource, see "Blacklists Compared" at
<http://www.sdsc.edu/~jeff/spam/cbc.html>.

Based on these stats, and the 40-50 spam complaints I personally send
every day, I believe at least half of all spam originates from dynamic
address ranges.

> How does that compare to sources from open relays and foreign
> systems?

For open relays, see the entry for ordb.org on Blacklists Compared.
(ORDB is a very well-run open relay list; they have over 200000
listed.)  Open relay abuse is now roughly two orders of magnitude less
common than open proxy abuse; that is, it is practically nonexistent
by comparison.

As for "foreign systems", most of those spewing spam are also open
proxies and many fall under the "dynamic ranges" umbrella.  It is true
that almost all spam comes from overseas, but that is mostly because
the U.S. DSL and cable modem operators have gotten their act together.
Many already block outbound port 25, and at least one makes its
dynamic ranges available to any blocklist operators who want them.

 - Pat

_______________________________________________
Gossip mailing list
[EMAIL PROTECTED]
http://www.mail-archive.com/cgi-bin/mailman/listinfo/gossip
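
The SMTP-stage rejection described in the message above, as an added example (not part of the original post and not any MTA's or blocklist's own code): it builds the DNSBL query name for the connecting address and chooses the reply to RCPT TO before any message body is read. The zone name `dnsbl.example`, the injected `resolve` callable, the reply texts and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

ZONE = "dnsbl.example"  # hypothetical zone; use the list you actually trust
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_query_name(client_ip, zone=ZONE):
    """Reversed address labels + zone: IPv4 by octet, IPv6 by hex nibble."""
    ip = ipaddress.ip_address(client_ip)
    if ip.version == 4:
        labels = str(ip).split(".")
    else:
        labels = list(ip.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone

def is_listed(client_ip, resolve, zone=ZONE):
    """resolve(name) -> list of A-record strings, [] when the name does not exist.
    Only answers inside 127.0.0.0/8 count as a listing, so a parked or
    wildcarded zone that answers with a public address does not block mail."""
    answers = resolve(dnsbl_query_name(client_ip, zone))
    return any(ipaddress.ip_address(a) in LISTED_NET for a in answers)

def rcpt_response(client_ip, resolve, zone=ZONE):
    """Reply to RCPT TO, before DATA, so the message body is never transferred."""
    try:
        listed = is_listed(client_ip, resolve, zone)
    except OSError:
        listed = False  # policy choice in this example: a DNS failure must not block mail
    if listed:
        # 5xx is a permanent failure: the sending MTA bounces to the original sender
        return 550, f"5.7.1 Client host [{client_ip}] blocked using {zone}"
    return 250, "2.1.5 Ok"

# Constructed stand-in for DNS so the example runs offline (documentation addresses).
CONSTRUCTED_ZONE_DATA = {
    "55.2.0.192.dnsbl.example": ["127.0.0.2"],      # listed client
    "9.113.0.203.dnsbl.example": ["198.51.100.1"],  # bogus non-127/8 answer
}

def fake_resolve(name):
    return CONSTRUCTED_ZONE_DATA.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.55", "203.0.113.9", "198.51.100.7"):
        print(ip, rcpt_response(ip, fake_resolve))
```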