https://bz.apache.org/SpamAssassin/show_bug.cgi?id=8193
Bill Cole <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[email protected]

--- Comment #6 from Bill Cole <[email protected]> ---
(In reply to Stefan from comment #5)
> I have wasted several hours of my time because of this problem, and I want
> to share what I discovered.
>
> In response to Benny, it turns out there is nothing wrong with the set-up of
> SpamAssassin on my server and no one was being "ignorant".

Well, that's not exactly true. No one should be running SA in a
configuration that violates the policies of the 3rd-party services that it
supports. I don't believe that is explicitly stated in any documentation, as
it is a fundamental rule: it should not need stating.

> It turns out that this is ENTIRELY INTENTIONAL BEHAVIOR by dnswl.org:
>
> https://www.dnswl.org/?p=120
>
> Summary: Those who haven't paid (or haven't paid enough) eventually start
> receiving "whitelisted" for ALL queries. In other words, false positives
> for ALL spammers.

The available solutions to dnswl.org providing you bogus information as a
direct consequence of your behavior all require you to behave differently.
You can either stop querying dnswl.org or treat them like any other
commercial service provider by paying their charges for your usage.

> Not only that, dnswl.org does not make this at all clear on the main pages
> of its website. This took a lot of digging. They also hide their pricing
> behind a log-in. These are not the behaviors of a reputable or ethical
> organization.

Yes, despite the .org domain they appear to be a commercial operation rather
than a charitable organization. You can expect any organization designed for
making money rather than to serve a charitable function to sometimes be less
kind than you would like.

> I fail to understand why SpamAssassin doesn't warn users about this, why it
> finds this type of behavior acceptable coming from one of its partner
> services, and why it places a very high negative spam score of -5.0 on these
> false positives.

You are overestimating the strength of the relationship between the
SpamAssassin project and 3rd-party service providers.

Personally, I was unaware of that policy, as it diverges from the widely used
best practice for DNS-based lists: using distinct DNS results for policy
violations. Knowing that they are doing so, I agree that we should not have
their lists enabled by default. I will be raising this question with others
in the community and the PMC.

> At the very least, dnswl.org should simply be blocking non-paying users
> instead of returning false positives, so that SpamAssassin assigns a score
> of 0.0 instead of -5.0 (just like they do with the various blacklists that
> block queries).

That's NOT what the others do. All of the SA "BLOCKED" rules match on
policy-specific replies. As that dnswl.org page notes, refusing queries is
not useful because it garners no attention from those being refused and
won't even be really visible to the worst offenders, those who refuse to
operate their own recursive DNS resolvers and instead use free public
resolvers.

If I thought it would be welcomed in the community, I'd make all of the
"BLOCKED" rules score significant negative (i.e. hammy) scores so people
would fix their configs…

> Instead, SpamAssassin and dnswl.org work together to 'punish' web hosting

WE DO NOT WORK "TOGETHER" WITH DNSWL IN ANY WAY.

The 3rd-party services referenced in SA use the same free public mechanisms
that can be used by anyone without SA. We don't set their policies or
actively track changes. Changing defaults for such services is done on an
as-noticed as-needed basis without considering the preferences of the
operator of the 3rd-party service.

Devising conspiracy theories to explain filters not doing the job you expect
them to do is not productive. Spam filters make mistakes by their nature, and
it requires no one nefariously working together to make you sad. Really.

> companies by deliberately poisoning their customers' spam filters. Punish
> the peasants to teach the king a lesson.

Nothing in SA exists to punish SA users at any level or teach them any sort
of lesson as a consequence of unwise behavior. If you believe otherwise, I
urge you to not use SA. No one should use what they believe to be Fascist
software.

> My web hosting company's solution is: Set all dnswl.org-related scores to
> 0.0. At this point I can't argue about that; dnswl.org are making
> themselves irrelevant through their irresponsible behavior.

All mail servers acting as public MXs should be running their own local
recursive DNS resolver, rather than relying on any sort of "upstream"
provider. This is a widely recognized best practice for many reasons, not
just the issue of one list operator engaging in hostile self-defense.

Anyone using a free DNS-Based List (or other free service) as a part of their
commercial offerings needs to be aware that even with their own resolvers,
they are burdening the list operators and those who provide list secondaries
with their queries. It is your moral obligation to pay for services that you
rely upon according to the policies of the service provider. If your query
volume is higher than a list's limits on free use, you are ethically required
to stop or to pay for it.

Setting ALL DNSWL rules to zero is one way to assure that you don't get bogus
results from them, because you won't query them. Other ways include (*in
addition* to the baseline of using your own recursive resolvers) staying
below their limit for free use or paying them for more usage.

-- 
You are receiving this mail because:
You are the assignee for the bug.
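
The failure mode discussed in this comment (every query answered as "whitelisted", or a policy-specific "blocked" reply) can be detected from the mail server with a canary lookup. This is an added example, not part of the bug comment and not SpamAssassin code; the zone name `list.dnswl.org`, the `127.0.0.255` blocked reply, the `127.0.x.y` answer layout and the function names are assumptions not stated in the comment.

```python
import socket

ZONE = "list.dnswl.org"   # assumption: zone name, not given in the comment
BLOCKED = "127.0.0.255"   # assumption: the policy-specific "blocked" reply
CANARY = "192.0.2.1"      # TEST-NET-1 (RFC 5737): never a real mail sender


def query_name(ipv4, zone=ZONE):
    """Build the reversed-octet DNS list query name for an IPv4 address."""
    return ".".join(reversed(ipv4.split("."))) + "." + zone


def system_lookup(name):
    """Resolve through the host's configured resolver.
    None means no A record came back (NXDOMAIN or a failed lookup)."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def classify(answer):
    """Turn one A-record answer into (verdict, trust_level)."""
    if answer is None:
        return ("not_listed", None)
    if answer == BLOCKED:
        return ("blocked", None)
    parts = answer.split(".")
    # assumption: listed answers look like 127.0.<category>.<trust 0-3>
    if len(parts) == 4 and parts[:2] == ["127", "0"] and parts[3] in "0123":
        return ("listed", int(parts[3]))
    return ("unexpected", None)


def resolver_path_ok(lookup=system_lookup, canary=CANARY):
    """Return (ok, reason). A canary that comes back listed or blocked means
    answers on this resolver path reflect usage policy, not sender
    reputation, so the DNSWL rules should not contribute to the score."""
    verdict, trust = classify(lookup(query_name(canary)))
    if verdict == "not_listed":
        return (True, "canary not listed; answers look like real data")
    if verdict == "listed":
        return (False, f"canary listed with trust {trust}; policy reply")
    return (False, f"canary returned {verdict}; fix resolver or zero the rules")


if __name__ == "__main__":
    print(resolver_path_ok())
```

Run it on the host that performs the list lookups, so the query takes the same resolver path as SpamAssassin's own queries.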
