Re: [Fwd: Re: Spamassasin over RBL, was Re: rblsmtpd -t?]

2002-05-09 Thread Jason Lim


 On Wed, May 08, 2002 at 10:56:12PM +0200, Emile van Bergen wrote:
   what has size got to do with it?
 
  Because the distinction between a customer and an ISP is not clear.
  [...]

 that was a tautology.  it only matters if you think size is relevant.

 it doesn't matter in the slightest whether an ISP's customer is another
 ISP or not.

Using your mentality, then everything always gets escalated to the highest
point (since everyone below the top-most ISP is essentially a customer).
So... essentially, the highest point is nearly always the network
provider... UUnet, Level3, MCIWorldcom... whomever owns the actual
physical cable.

So, continuing on that, you will have the 4 or 5 big physical network
operators, each being responsible for all their downstream customers. An
RBL will essentially hold each of these 4 or 5 physical network operators
responsible for any spam that originates with their network.

How impossible is that? You would essentially be making the big 5 operators
Gods of Email... controlling everything.

And you would then have the situation that all the customers of, for
example, UUnet, would not use any RBL because if they did, and that RBL
decided that UUnet was responsible for spam, then they themselves would be
blocked (just like many Asian ISPs do not use RBLs because many RBLs just
block all mail from Asia, so they would in essence be blocking
themselves).

  Qwest is an ISP. Is it responsible for mail sent from their ISP
  customers?

 yes.  absolutely.  without exception.  they are responsible for all mail
 sent by their customers.

Read above, and you will see what will happen from that.

  Perhaps they should be. Then, would you say, if a large percentage of
  their customer ISPs are spamhäuser (plural for spamhaus), should we
  start blocking all mail from Qwest?

 yes.  if a significant amount of spam is coming out of qwest and they
 are doing little or nothing to stop it then they should be black-listed.

Read above, and you will see what will happen from that... if you hold the
large providers responsible for all their customers email, the end result
is that no users will use the RBL for fear that their own network provider
will be blacklisted by the RBL.

  At which percentage? How can we measure that? Using spam messages vs.
  total output perhaps? That sounds remarkably like what Spamcop's
  doing.  So which criteria would *you* choose? You seem avoiding that
  question.

 at no percentage.  it's about quantity of spam received versus their
 willingness and/or ability to do something about their spammer customers
 - as judged by competent people with several years experience in
 anti-spam activities.

Ah ha... foot in mouth again.

A small ISP with, for example, 500 customers, will find it very easy to
shut down the account of a spammer.

Perhaps you can explain how Hotmail, or any number of large freemail
service providers, can do the same just as easily?

If you agree that it is harder for large providers to act just as fast as
a small provider, then you will see that there IS a difference between the
way a small and large provider act regarding complaints and spam. So that,
by itself, proves that your logic of size and mail volume does not
matter is immediately flawed and incorrect.



 technological decisions and judgements should be made by those who are
 competent to make them, not by democratic processes or by giving equal
 weight to the opinions of experts and the ignorant/stupid.

Then you think the US democratic process and people, whereby all are given
a vote and have the ability to shape the outcome, is stupid. Are you
American?


  Hence my question. Apparently you see a big and fundamental difference
  between an ISP, who would be allowed to do direct to MX SMTP, and a
  customer, who would not be allowed to do direct to MX SMTP.

 no, stop putting bullshit words in my mouth.

 i see a fundamental difference between dynamic IP address and static IP
 addresses.

All your focus seems to go on dynamic IPs... yet you fail to see that
those on static IPs will probably have higher bandwidth, and hence can do
far more damage than any user on dynamic IPs.

   are you being genuinely stupid or is this a deliberate attempt to put
   straw-man words in my mouth?
 
  Just continue assuming I'm stupid. That's fine with me, if that helps.

 you're doing a damn good job of proving that you are stupid.

  Of course not. But now I understand. You were basically assuming that
  everyone agrees that
 
  1. ISP is equivalent to static IPs, and
  2. Customer is equivalent to dynamic IP.

 stop putting words in my mouth.  especially stop putting cretinous words
 in my mouth.

But that's the way other people see your standpoint... ISP = static IP and
allowed to send direct-to-mx mail, Customer = dynamic IP and forced to use
upstream's mail servers.

Perhaps if people are not seeing your point of view... then it is your
problem and not everyone else's?


-- 
To UNSUBSCRIBE, email to 

Re: [Fwd: Re: Spamassasin over RBL, was Re: rblsmtpd -t?]

2002-05-09 Thread cfm

On Fri, May 10, 2002 at 07:19:27AM +0800, Jason Lim wrote:
 
  On Wed, May 08, 2002 at 10:56:12PM +0200, Emile van Bergen wrote:
what has size got to do with it?
  
   Because the distinction between a customer and an ISP is not clear.
   [...]
 
  that was a tautology.  it only matters if you think size is relevant.
 
  it doesn't matter in the slightest whether an ISP's customer is another
  ISP or not.
 
 Using your mentality, then everything always gets escalated to the highest
 point (since everyone below the top-most ISP is essentially a customer).
 So... essentially, the highest point is nearly always the network
 provider... UUnet, Level3, MCIWorldcom... whomever owns the actual
 physical cable.
 

Calm down and think it through.

There is a chain of responsibility and any incident can be escalated.

If ISP1 is on Sprint and ISP1 takes no action about
spam from spammer-leaf-node-on-ISP1, then one needs to escalate to
Sprint to take action to enforce aup on ISP1.  If it turns out that
sprint pipes mail to abuse@ into /dev/null, or even has a yellow
contract with ISP1 that permits spam, then what?  Or it might be
that an ISP is trying to do something about a customer (monsterhut)
or is just half-assed.  Maybe you use rfc-ignorant.

It's also possible that your standards might not jibe with everyone
else's.  Me, I think any site sending email that will not accept bounces
deserves to go into RBL.  Not everyone would even qualify such email
as spam, but we do.

You might decide that your customers cannot live without Sprint.  You
might decide that they cannot live **long term** with such actions.  Or
you might give them a choice.





-- 

Christopher F. Miller, Publisher   [EMAIL PROTECTED]
MaineStreet Communications, Inc   208 Portland Road, Gray, ME  04039
1.207.657.5078 http://www.maine.com/
Content/site management, online commerce, internet integration, Debian linux






Re: [Fwd: Re: Spamassasin over RBL, was Re: rblsmtpd -t?]

2002-05-09 Thread Jason Lim

 
  Using your mentality, then everything always gets escalated to the
  highest point (since everyone below the top-most ISP is essentially a
  customer).
  So... essentially, the highest point is nearly always the network
  provider... UUnet, Level3, MCIWorldcom... whomever owns the actual
  physical cable.
 

 Calm down and think it through.

 There is a chain of responsibility and any incident can be escalated.

 If ISP1 is on Sprint and ISP1 takes no action about
 spam from spammer-leaf-node-on-ISP1, then one needs to escalate to
 Sprint to take action to enforce aup on ISP1.  If it turns out that
 sprint pipes mail to abuse@ into /dev/null, or even has a yellow
 contract with ISP1 that permits spam, then what?  Or it might be
 that an ISP is trying to do something about a customer (monsterhut)
 or is just half-assed.  Maybe you use rfc-ignorant.

I understand completely on what you are trying to say. Naturally, if a
downstream customer of, for example, UUnet, refuses to take any action
against their spamming users, then UUnet must step in to do something.

However, my point is... on the actual size of the customer. For
example... if the customer was a small ISP with 500 users, then 100 spam
complaints against that small ISP would obviously mean something is
seriously wrong with that small ISP (technically, or otherwise), and UUnet
would be justified in either cutting off the small ISP or doing other
similar actions.

If the customer was a large ISP with 5M users, then 100 spam complaints
doesn't seem so many when you look at it from a top-down picture, and
UUnet may not be justified in cutting off that large ISP for those
complaints, EVEN THOUGH the number of complaints is the same as the small
ISP. Now... if the complaints were 10,000, then obviously they have a
problem... if you agree with this thinking, then we are thinking along the
terms of ratios and mail volumes, and then we start looking at the methods
employed by RBLs like Spamcop.

Hence, it makes sense that large customers (such as large ISPs,
Universities, etc.) are given more breathing room regarding complaints,
and are allowed to handle this more.

Does this make sense?


 It's also possible that your standards might not jibe with everyone
 else's.  Me, I think any site sending email that will not accept bounces
 deserves to go into RBL.  Not everyone would even qualify such email
 as spam, but we do.

I thought there was more-or-less a standard definition of spam...
unsolicited bulk email. Are bounces going to /dev/null, or such,
unsolicited bulk email? Perhaps I am mistaken regarding the definition.

 You might decide that your customers cannot live without Sprint.  You
 might decide that they cannot live **long term** with such actions.  Or
 you might give them a choice.

Well... if it was personal email, i could probably accept it.

For business email, even a few missed customer emails would be more than
unacceptable.

So RBLs that employ netblock-wide filters are unacceptable... only ones
that target specific IPs would do well as they, obviously, would have less
effect than a block on a whole ISP like Sprint. That would mean more spam
gets through, but as a business, i think that is better.

Jason






Re: [Fwd: Re: Spamassasin over RBL, was Re: rblsmtpd -t?]

2002-05-07 Thread Jason Lim

 Yes. But if you want to get rid of _any_ spam, shut down your MTA.
 Which will yield about the same effect than using Spamcop as a German
 ISP.

Have you sent an email to the administrators of spamcop informing them of
the sizes of the ISPs in question?^

Why should I? After first noticing GMX in the Spamcop BL, I have
simply disabled it on my machines in its entirety. It is my firm
opinion that Spamcop sucks, and I don't intend to collaborate with
them.

Okay... like I've said before, what do you mean GMX is in Spamcop?

Alternatively, I'll ask you this... what would you do if you found GMX in a BL
other than Spamcop?

You would probably email the list operators (if you can actually FIND
them, unlike Spews, BLARS, and other hidden owner RBLs), and tell them
that GMX is a big freemail provider, and stuff like that.

So why would you handle all other RBLs different from Spamcop?







Re: [Fwd: Re: Spamassasin over RBL, was Re: rblsmtpd -t?]

2002-05-07 Thread Jason Lim

---
Q41: How does one contact SPEWS?
A41: One does not. SPEWS does not receive email - it's just an automated
system and website, SPEWS and other blocklist issues can be discussed in
the public forums mentioned above... Note that posting messages in these
newsgroups  lists will not have any effect on SPEWS listings
  
   the fact is that SPEWS lists known spam sources. this is good.  i
   *WANT* known spam sources to be blocked.  I don't want to receive mail
   from known spam sources.  you seem to think that there's something wrong
   with this.

Okay... in that case, you can block virtually ALL the large network
providers and hosting providers like Sprint, UUnet, Level3, etc., because
nearly all of them have some sort of spam problem, big or small. I know of
virtually no large provider that has not had 1 single complaint of spam
about them.

  Jason has complained in the past about his IP addresses being listed
  in spews even though none of them has ever been used for sending spam.
  Simply because he lives in a country that contains lots of open relays
  is enough to be listed as a spammer.  Is this a better policy than
  spamcop?

 well, then, all he has to do is move to another country. problem solved,
 right?  after all, if it's a documented policy, it must be right and he
 has no cause to complain...any more than anyone else has cause to
 complain about spamcop's documented policy.

That is real mature... move to another country. So that is your
solution.

I think that just about sums up the logic you have about all this.


ISP is (eg. Sprint), they will still block them. In Spamcop's
case, it won't ban large ISPs, because if you tell them a general
figure for the mail volume, it will take that into consideration.
  
   why the hell should an RBL care how big an ISP is?  it's not
   relevant - they're either part of the spam problem or they're not.
   size doesn't come into it.

Okay... go ahead and block Sprint, UUnet, Level3, Hotmail, YahooMail, and
all other providers with spam complaints.

  It is relevant.  In my spare time I run two small ISPs in Melbourne.
  The total user-base of them both is 1000 users, logs are carefully
  watched, and spam incidence is almost zero.  18 months ago I was
  running one of Europe's larger ISPs with 500,000 users (probably
  comparable to the entire online population of Australia).  The amount
  of spam reports was hugely higher as you would expect primarily
  because of having a larger user base.

 it's still not relevant.  a host is either a spam problem or not.  if it
 is a problem, then it should be blacklisted regardless of the size of
 the ISP responsible for it.  if it's not a problem, then it shouldn't be
 listed.


Again, go ahead and block Sprint, UUnet, Level3, Hotmail, YahooMail, and
all other providers with spam complaints.

  Blocking one of the smaller Melbourne ISPs because of 10 different
  people complaining about spam in one day is reasonable.  But blocking
  zonnet.nl for less than 500 spam reports would be totally
  unreasonable!

I think it is all relative. If a small company with 500 users has 100 spam
complaints, then obviously their problem is real big and they are having a
serious problem... and unless they clean up their act, they are obviously
blackhat.

On the other hand, Hotmail getting 100 complaints when they have...
what... 10M email accounts (or more?), would be plain stupid.

It is all relative. And to say otherwise is plainly foolish.


 most complaints are self-evidently made by idiots.   hardly anyone who is
 capable of reading headers isn't going to waste their time reporting to
 spamcop, they're going to maintain their own filters instead which
 leaves the vast majority of spamcop reporters being idiots.   garbage
 in, garbage out.

I can read the headers just fine. I use Spamcop because it saves me time.
If I was to personally parse all the spams that I get manually, then that's
all i'd do all day. I have better things to do... not sure about you.



   that's one of the problems with spamcop.  if a host deserves to be
   listed in an RBL, then it should be listed regardless of how large
   the ISP is.  otherwise you end up with notorious spam-havens like
   uunet being immune to listing no matter how many pink contracts they
   sign, while small ISPs get listed just because some vermin spammer
   forged their IP address in a Received line.
 

I've said it before, and I'll say it again... go ahead and block Sprint,
UUnet, Level3, Hotmail, YahooMail, and all other providers with spam
complaints.



 a bad (i.e. spamhaven) ISP should be blacklisted regardless of their
 size.  good ISPs shouldn't be blacklisted.


Your definition of good and bad is so subjective it isn't worth
commenting on.

I work with facts and figures. Spamcop does the same... if a host is
considered to have above 2% email as spam, or something like that, then it
will block that 

Re: [Fwd: Re: Spamassasin over RBL, was Re: rblsmtpd -t?]

2002-05-07 Thread Emile van Bergen


On Tue, 7 May 2002, Craig Sanders wrote:
 On Tue, May 07, 2002 at 12:22:26PM +1000, Russell Coker wrote:
[SNIP]
  It is relevant.  In my spare time I run two small ISPs in Melbourne.
  The total user-base of them both is 1000 users, logs are carefully
  watched, and spam incidence is almost zero.  18 months ago I was
  running one of Europe's larger ISPs with 500,000 users (probably
  comparable to the entire online population of Australia).  The amount
  of spam reports was hugely higher as you would expect primarily
  because of having a larger user base.

 it's still not relevant.  a host is either a spam problem or not.  if it
 is a problem, then it should be blacklisted regardless of the size of
 the ISP responsible for it.  if it's not a problem, then it shouldn't be
 listed.

That is clear reasoning. However, things become less clear as soon as
you go on to define *when* a host must be considered a spam problem
then.

The criteria for that are never infallible, otherwise we wouldn't even
be having this discussion. They are always based on some heuristic that
reasons based on indirect data.

So what I don't understand is why you'd consider any heuristic that
pulls the size of the host into the equation as invalid a priori?
It may be just as valid as anything else.

Saying that only the information may be used whether a host is an open
relay is too simple a way out of this discussion. Sure, that criterion
is easy enough; there are no negative consequences at all to closing the
MTA, so the errors in the reasoning (spam often comes through open
relays, therefore all open relays are spam sources) don't really matter
because anybody can and should fix the problem anyway. Also, not
unimportantly, you can perform a conclusive test without manual
intervention.

However, this doesn't solve the problem at hand: spammers that just spam
from their IPs directly to recipient's MXes are not included at all in
this heuristic.

I hope you can follow the argument that it would be desirable to do
something about *that* as well, and that it makes sense for people to
try and devise some heuristic that shows correlation between its output
and whether a host is a spam problem.

Then, you may consider Spamcop's heuristic bad, sure. But so far it's
the only serious attempt of attacking the problems that are left once
you take the open relays out.

If you have a better way to decide whether a host is a direct spam
source than Spamcop's (effectively the complaints / output volume
ratio), then by all means, please share your wisdom. We may learn
something.

Even a heuristic that would leave out the complaints and use e.g.
Spamassassin's rules, you'd still need to factor in the output volume.
And it makes sense too, you know. If you would just change 'host' to
'person'.

At which point do you suggest to punish someone by disconnecting him
from the internet? After sending one spam message? Two? Even if he
sends a lot of other, highly esteemed mail, contributing greatly to arts
and sciences?

The point is, you'll inevitably arrive at some ratio to the total number
of messages sent. There's not only nothing wrong with Spamcop using
that.

Cheers,


Emile.

--
E-Advies / Emile van Bergen   |   [EMAIL PROTECTED]
tel. +31 (0)70 3906153|   http://www.e-advies.info






Re: [Fwd: Re: Spamassasin over RBL, was Re: rblsmtpd -t?]

2002-05-07 Thread Russell Coker

On Tue, 7 May 2002 17:44, Jason Lim wrote:
   Jason has complained in the past about his IP addresses being listed
   in spews even though none of them has ever been used for sending spam.
   Simply because he lives in a country that contains lots of open relays
   is enough to be listed as a spammer.  Is this a better policy than
   spamcop?
 
  well, then, all he has to do is move to another country. problem solved,
  right?  after all, if it's a documented policy, it must be right and he
  has no cause to complain...any more than anyone else has cause to
  complain about spamcop's documented policy.

 That is real mature... move to another country. So that is your
 solution.

 I think that just about sums up the logic you have about all this.

I think that Craig was trying to draw an analogy between my position on 
SpamCop and the position some people take regarding SPEWS.

  capable of reading headers isn't going to waste their time reporting to
  spamcop, they're going to maintain their own filters instead which
  leaves the vast majority of spamcop reporters being idiots.   garbage
  in, garbage out.

 I can read the headers just fine. I use Spamcop because it saves me time.
 If I was to personally parse all the spams that I get manually, then that's
 all i'd do all day. I have better things to do... not sure about you.

Same here, that's why I use SpamCop.  Also I'll trust the scripts of SpamCop 
to parse the headers correctly rather than my own ability, presumably the 
SpamCop admins know better how to parse such headers than I do, and scripts 
are not going to mis-read things or make typos...

 No one is asking you for every spam you receive. Give 1 example.

 And even if 1 example got through, the Spamcop admins (check the newsgroups
 and mailing lists) are constantly tweaking and improving the code used to
 identify spam. So even IF your example does prove to be true (which you
 have no proof or example of) then tell Spamcop and they will analyse it.

Yes, presumably the SpamCop admins could be discredited if someone proves 
that their scripts mis-diagnose spam sources and they fail to fix them.  So 
someone who dislikes SpamCop could attack them by publishing information on 
how to defeat their scripts...

-- 
If you send email to me or to a mailing list that I use which has 4 lines
of legalistic junk at the end then you are specifically authorizing me to do
whatever I wish with the message and all other messages from your domain, by
posting the message you agree that your long legalistic sig is void.






Re: [Fwd: Re: Spamassasin over RBL, was Re: rblsmtpd -t?]

2002-05-07 Thread Russell Coker

On Tue, 7 May 2002 15:57, Marc Haber wrote:
 On Tue, 7 May 2002 01:49, Marc Haber wrote:
  Yes. But if you want to get rid of _any_ spam, shut down your MTA.
  Which will yield about the same effect than using Spamcop as a German
  ISP.
 
 Have you sent an email to the administrators of spamcop informing them of
  the sizes of the ISPs in question?^

 Why should I? After first noticing GMX in the Spamcop BL, I have
 simply disabled it on my machines in its entirety. It is my firm
 opinion that Spamcop sucks, and I don't intend to collaborate with
 them.

 There are much better blocking lists than the one with the highest
 false positive rate.

I currently use the following black lists, and IMHO none of them give false 
positives.

bl.spamcop.net, blackholes.mail-abuse.org, dialups.mail-abuse.org, 
relays.mail-abuse.org, relays.osirusoft.com, relays.ordb.org, 
dnsbl.njabl.org, abuse.rfc-ignorant.org, postmaster.rfc-ignorant.org

-- 
If you send email to me or to a mailing list that I use which has 4 lines
of legalistic junk at the end then you are specifically authorizing me to do
whatever I wish with the message and all other messages from your domain, by
posting the message you agree that your long legalistic sig is void.






Re: [Fwd: Re: Spamassasin over RBL, was Re: rblsmtpd -t?]

2002-05-07 Thread Craig Sanders

NOTE: unless you have something worthwhile and DIFFERENT to say, go away
and stop bothering me.  i'm not at all interested in the brain-damaged
opinions of a moron, and this thread got very boring a long time ago.


On Tue, May 07, 2002 at 05:44:39PM +1000, Jason Lim wrote:
the fact is that SPEWS lists known spam sources. this is
good.  i *WANT* known spam sources to be blocked.  I don't want
to receive mail from known spam sources.  you seem to think that
there's something wrong with this.
 
 Okay... in that case, you can block virtually ALL the large network
 providers and hosting providers like Sprint, UUnet, Level3, etc.,
 because nearly all of them have some sort of spam problem, big or
 small. I know of virtually no large provider that has not had 1 single
 complaint of spam about them.

if they are running an open relay then i will block them.  if they allow
spammers to hide on their network then i will block them.

big isp's will only stop signing pink contracts if it costs them more
than they gain.  


 That is real mature... move to another country. So that is your
 solution.

 I think that just about sums up the logic you have about all this.

you must be an american -  you can't recognise sarcasm unless it has
...NOT! on the end.



why the hell should an RBL care how big an ISP is?  it's not
relevant - they're either part of the spam problem or they're
not.  size doesn't come into it.
 
 Okay... go ahead and block Sprint, UUnet, Level3, Hotmail, YahooMail,
 and all other providers with spam complaints.

i don't have a problem with blocking servers belonging to any of the
above - if they are part of the spam problem (whether due to
incompetence or greed), they should be black-listed.

 On the other hand, Hotmail getting 100 complaints when they have...
 what... 10M email accounts (or more?), would be plain stupid.

if hotmail runs an open relay then it should be black-listed.

 It is all relative. And to say otherwise is plainly foolish.

no, it's not relative.  there is an absolute, black-and-white criteria
which you are too stupid to see:  if a site is part of the spam problem
then it should be black-listed.  if it is not part of the problem then
it shouldn't be listed.



  most complaints are self-evidently made by idiots.   hardly anyone
  who is capable of reading headers isn't going to waste their time
  reporting to spamcop, they're going to maintain their own filters
  instead which leaves the vast majority of spamcop reporters being
  idiots.   garbage in, garbage out.
 
 I can read the headers just fine. I use Spamcop because it saves me
 time.

thank you for being an example to support my argument.




  a bad (i.e. spamhaven) ISP should be blacklisted regardless of their
  size.  good ISPs shouldn't be blacklisted.
 
 Your definition of good and bad is so subjective it isn't worth
 commenting on.

to the contrary, your lowbrow definition is subjective - relying on
arbitrary and irrelevant criteria like ISP size.

mine is purely objective: is a site part of the spam problem or not?  do
they originate or relay spam?  if yes, then they are bad so blacklist
them. if not, then don't.  


 I work with facts and figures. Spamcop does the same... if a host is
 considered to have above 2% email as spam, or something like that,
 then it will block that host. So therefore, if UUnet (good or bad)
 sends out 10M emails per day, and Spam complaints are 1000, then
 okay... but if a tiny host sends out 500K emails, and spam complaints
 are also 1K, then obviously they have a problem. 

this idea is brain-damaged.  all it does is allow spammers to hide in
the volume of larger ISP...they can get away with spamming (and the ISP
can get away with signing pink contracts) as long as they keep the spam
under X percent of the total volume.

that's why i don't like spamcop.  they are nothing but crappy
implementations of stupid ideas.


 I've said it before, but you obviously don't get it.

i get what you said.  the problem is not my comprehension, but the fact
that you are wrong.

both your example hosts above have a spam problem.  both should be
fixed.

hosting or relaying for a spammer is not suddenly OK just because you
send millions of emails a day.  it's wrong if you send only 1 email/day,
and it's still wrong if you send 10 billion emails/day.


craig

-- 
craig sanders [EMAIL PROTECTED]

Fabricati Diem, PVNC.
 -- motto of the Ankh-Morpork City Watch
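
An added example, not part of the original thread or any poster's code: the absolute complaint-count criterion and the complaints/volume ratio criterion argued over above, each evaluated per provider and per sending IP on constructed figures. The 2% threshold, the 100-complaint figure and the 10M-messages/1000-complaints case follow numbers quoted in the thread; provider names, addresses and per-host splits are assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class HostDay:
    provider: str    # hypothetical provider label
    ip: str          # sending host (RFC 5737 documentation addresses)
    sent: int        # messages sent that day
    complaints: int  # spam reports received about that host


# Constructed sample data. "big-isp" totals 10M messages and 1000 complaints,
# the figures quoted in the thread; one of its hosts sends mostly spam.
SAMPLE = [
    HostDay("big-isp", "192.0.2.10", 4_000_000, 150),
    HostDay("big-isp", "192.0.2.11", 5_990_000, 250),
    HostDay("big-isp", "192.0.2.66", 10_000, 600),
    HostDay("small-isp", "198.51.100.5", 20_000, 3),
    HostDay("small-isp", "198.51.100.9", 5_000, 2),
]


def aggregate(records, key):
    """Sum (sent, complaints) per value of `key` ("provider" or "ip")."""
    totals = defaultdict(lambda: [0, 0])
    for rec in records:
        bucket = totals[getattr(rec, key)]
        bucket[0] += rec.sent
        bucket[1] += rec.complaints
    return {name: tuple(pair) for name, pair in totals.items()}


def list_by_count(records, key, limit):
    """Absolute criterion: list anything with at least `limit` complaints."""
    return {name for name, (_, complaints) in aggregate(records, key).items()
            if complaints >= limit}


def list_by_ratio(records, key, threshold):
    """Relative criterion: list anything whose complaints/sent exceeds threshold."""
    listed = set()
    for name, (sent, complaints) in aggregate(records, key).items():
        if sent == 0:
            # No known volume, so no ratio exists: fall back to "any complaint".
            if complaints:
                listed.add(name)
            continue
        if complaints / sent > threshold:
            listed.add(name)
    return listed


def collateral(records, listed_providers, bad_ips):
    """Hosts blocked by a provider-wide listing although they are not in bad_ips."""
    return sorted(rec.ip for rec in records
                  if rec.provider in listed_providers and rec.ip not in bad_ips)


if __name__ == "__main__":
    # Count per provider: the large provider is listed wholesale.
    print("count/provider:", list_by_count(SAMPLE, "provider", 100))
    # Ratio per provider: the spamming host disappears in the total volume.
    print("ratio/provider:", list_by_ratio(SAMPLE, "provider", 0.02))
    # Ratio per IP: only the host that is mostly spam is listed.
    bad = list_by_ratio(SAMPLE, "ip", 0.02)
    print("ratio/ip:", bad)
    # Count per IP: busy legitimate servers are listed too.
    print("count/ip:", list_by_count(SAMPLE, "ip", 100))
    print("collateral of listing big-isp:", collateral(SAMPLE, {"big-isp"}, bad))
```

The outcome depends on the aggregation level as much as on the criterion: the same ratio rule that lists nothing per provider lists the one mostly-spam host per IP.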






Re: [Fwd: Re: Spamassasin over RBL, was Re: rblsmtpd -t?]

2002-05-07 Thread Craig Sanders

On Tue, May 07, 2002 at 10:25:12AM +0200, Emile van Bergen wrote:
 On Tue, 7 May 2002, Craig Sanders wrote:
  no, it's not relative.  there is an absolute, black-and-white
  criteria which you are too stupid to see:  if a site is part of the
  spam problem then it should be black-listed.  if it is not part of
  the problem then it shouldn't be listed.
 
 Pray tell then, *when* is a site part of the spam problem?
 
 Please share your infallible, absolute, black-and-white criteria for
 that, because obviously we were missing it all along.

yes, you have missed it because i've mentioned it several times in this
thread.  here it is spelt out so that even you or jason should be able
to understand it:

1. is the site an open relay?
2. is the site a spam source?
3. does the site host any spamvertised sites?
4. does the site provide any other spam support services?

if any of the above are true, then the site should be black-listed.
regardless of company size.

see, the criteria are very simple:  are they spammers or do they assist
spammers?  no subjectivity, no exceptions, no different rules for the
big end of town.

craig

-- 
craig sanders [EMAIL PROTECTED]

Fabricati Diem, PVNC.
 -- motto of the Ankh-Morpork City Watch






Re: [Fwd: Re: Spamassasin over RBL, was Re: rblsmtpd -t?]

2002-05-07 Thread Emile van Bergen

Hi,

On Tue, 7 May 2002, Craig Sanders wrote:
 On Tue, May 07, 2002 at 10:25:12AM +0200, Emile van Bergen wrote:
  On Tue, 7 May 2002, Craig Sanders wrote:
   no, it's not relative.  there is an absolute, black-and-white
   criteria which you are too stupid to see:  if a site is part of the
   spam problem then it should be black-listed.  if it is not part of
   the problem then it shouldn't be listed.
 
  Pray tell then, *when* is a site part of the spam problem?
 
  Please share your infallible, absolute, black-and-white criteria for
  that, because obviously we were missing it all along.

 yes, you have missed it because i've mentioned it several times in this
 thread.  here it is spelt out so that even you or jason should be able
 to understand it:

 1. is the site an open relay?

That is a good one, but doesn't catch all cases. You recognise that too:

 2. is the site a spam source?

That's my point. *Where* is your threshold? *When* do you, with absolute
certainty, conclude that a site is a spam source?

Cheers,


Emile.

--
E-Advies / Emile van Bergen   |   [EMAIL PROTECTED]
tel. +31 (0)70 3906153|   http://www.e-advies.info






Re: [Fwd: Re: Spamassasin over RBL, was Re: rblsmtpd -t?]

2002-05-07 Thread Russell Coker

On Tue, 7 May 2002 18:21, Emile van Bergen wrote:
  I currently use the following black lists, and IMHO none of them give
  false positives.

 [SNIP]

  dialups.mail-abuse.org,

 You must be kidding. This is a list that considers people who don't use
 their provider's MTA as trespassers (quote from MAPS' information page
 about this list), and assumes dialup/DSL people to be guilty by default.

 Making the ISP accountable for the mail sent by their customers by
 having it forced through their MTA in this way is a senseless way of
 approaching the problem, IMHO.

No it is a quite sensible way of doing it.  When an ISP has 64,000 phone 
lines with associated IP addresses in active use then a spammer can just make 
repeated connections with different IP addresses to send out spam.  Blocking 
one of the IP addresses used by a dial-up will do no good, as the person 
using it by that time probably isn't the spammer!

Also you have to take some action against the ISP when spam goes through 
their network.  Some time ago I was working for an ISP where the help-desk 
workers (the people who read postmaster email) were very unwilling to 
communicate in any language other than Dutch.  They only grudgingly started 
communicating with me (the most senior member of the Unix admin team) after I 
promised to pursue the matter through the chain of command and get their boss 
reprimanded if something didn't happen!

If you did get the help-desk people to read your complaint about spam (which 
would be unlikely if it wasn't written in Dutch) then there was only the 
smallest possibility that it might be forwarded to me as user 
[EMAIL PROTECTED] was spammed by someone from our site (without any headers, 
IP addresses, or time stamps), so I'd just delete the message as attempting 
to get the full details was more pain than it was worth.

Also flaming the ISP in the nl.* usenet groups generally didn't do any good 
(although there was one single occasion when an intelligent person translated 
one of the flames to English and sent it to me and I then fixed it).

The only solution to such a situation is to block dial-ups and then block the 
outbound relays from the ISP if they are used for spam.  Blocking outbound 
mail is something that makes everyone take notice, and then people like me 
get the support they need to get things done.

-- 
If you send email to me or to a mailing list that I use which has 4 lines
of legalistic junk at the end then you are specifically authorizing me to do
whatever I wish with the message and all other messages from your domain, by
posting the message you agree that your long legalistic sig is void.






Re: [Fwd: Re: Spamassasin over RBL, was Re: rblsmtpd -t?]

2002-05-07 Thread Craig Sanders

On Tue, May 07, 2002 at 10:21:30AM +0200, Emile van Bergen wrote:
 On Tue, 7 May 2002, Russell Coker wrote:
  I currently use the following black lists, and IMHO none of them give
  false positives.
 [SNIP]
  dialups.mail-abuse.org,

btw, dynablock.wirehub.net is better. unlike the MAPS DUL it is updated
regularly.  it's also a free service.


 You must be kidding. This is a list that considers people who don't
 use their provider's MTA as trespassers (quote from MAPS'
 information page about this list), 

you don't have to use your dialup ISP's mail server.  you are free to
use any reputable mail server on the net (e.g. via uucp over tcp).


 and assumes dialup/DSL people to be guilty by default.

Dynamic IP address is the criteria.

seems like a perfectly reasonable assumption to me.   in my experience,
all mail which comes directly from a dynamic IP *IS* spam.

the tiny handful of hobbyists with their own domains hosted on a dynamic
IP with linux or freebsd should quit whining and use their ISP's mail
server.  or get themselves a uucp over tcp mail feed.  or batched smtp
over ssh.  or similar.  frankly, if they're not competent to do any of
these things then they're not competent enough to be running a mail
server on the internet.

 Making the ISP accountable for the mail sent by their customers by
 having it forced through their MTA in this way is a senseless way of
 approaching the problem, IMHO.

making ISPs responsible for the mail sent by their customers is the ONLY
thing that actually works.

craig

-- 
craig sanders [EMAIL PROTECTED]

Fabricati Diem, PVNC.
 -- motto of the Ankh-Morpork City Watch






Re: [Fwd: Re: Spamassasin over RBL, was Re: rblsmtpd -t?]

2002-05-07 Thread Russell Coker

On Tue, 7 May 2002 18:55, Craig Sanders wrote:
 Dynamic IP address is the criteria.

 seems like a perfectly reasonable assumption to me.   in my experience,
 all mail which comes directly from a dynamic IP *IS* spam.

 the tiny handful of hobbyists with their own domains hosted on a dynamic
 IP with linux or freebsd should quit whining and use their ISP's mail
 server.  or get themselves a uucp over tcp mail feed.  or batched smtp
 over ssh.  or similar.  frankly, if they're not competent to do any of
 these things then they're not competent enough to be running a mail
 server on the internet.

Absolutely.

Finding a suitable server to relay through is not that difficult.  Relaying 
mail securely through ssh tunnels prevents unauthorised use and only requires 
a server with ssh access that accepts [127.0.0.1]25 connections.

On a few occasions after discussions such as this one I have offered an ssh 
account on one of my servers for such purposes to one of the people involved 
in the discussion, but then it always seems to turn out that they don't 
REALLY want to solve an email problem, they just want to argue about spam 
politics.

-- 
If you send email to me or to a mailing list that I use which has 4 lines
of legalistic junk at the end then you are specifically authorizing me to do
whatever I wish with the message and all other messages from your domain, by
posting the message you agree that your long legalistic sig is void.






Re: [Fwd: Re: Spamassasin over RBL, was Re: rblsmtpd -t?]

2002-05-07 Thread Emile van Bergen

On Tue, 7 May 2002, Craig Sanders wrote:

  and assumes dialup/DSL people to be guilty by default.

 Dynamic IP address is the criteria.

Ok, if that's the *only* criteria I don't have a problem with it.

  Making the ISP accountable for the mail sent by their customers by
  having it forced through their MTA in this way is a senseless way of
  approaching the problem, IMHO.

 making ISPs responsible for the mail sent by their customers is the ONLY
 thing that actually works.

I don't get this. In the other thread you advocate that site size
shouldn't matter, and I agree to that when it comes to this thing.

Following this reasoning, would you want to force an ISP that only has a
single connection also to deliver all their mail through that upstream
ISP's MTAs, purely for accountability purposes?

That's nonsense. Hopefully DUL indeed only lists dynamic IP blocks.

Cheers,


Emile.

--
E-Advies / Emile van Bergen   |   [EMAIL PROTECTED]
tel. +31 (0)70 3906153|   http://www.e-advies.info






Re: [Fwd: Re: Spamassasin over RBL, was Re: rblsmtpd -t?]

2002-05-07 Thread Russell Coker

On Tue, 7 May 2002 18:41, Craig Sanders wrote:
 yes, you have missed it because i've mentioned it several times in this
 thread.  here it is spelt out so that even you or jason should be able
 to understand it:

 1. is the site an open relay?

Most people here agree on this, but you'll still see some debate, 
particularly about the distinction between relays that are merely open and 
relays that have been actively abused.  Some people think that we shouldn't 
block an open relay until it's spammed us.

 2. is the site a spam source?

What is a spam source?  If one of your customers suddenly starts sending 
out spam does that make you a spam source?  What if they do it just after the 
chief admin has gone on holidays and the junior people make spam blocking a 
low priority?

 3. does the site host any spamvertised sites?

That is not inherently wrong.  If someone who is paying one of my clients for 
legitimate web serving and spamvertises it through another ISP then I won't 
immediately take the site down.  Firstly it's an issue for the other ISP to 
stop the spam being sent.  Then I have to be convinced that the spam was sent 
out by the owner of the site before I will consider taking it down (otherwise 
if you don't like a site you can spamvertise it to get it taken down).

 4. does the site provide any other spam support services?

OK, but that's difficult to determine.

-- 
If you send email to me or to a mailing list that I use which has 4 lines
of legalistic junk at the end then you are specifically authorizing me to do
whatever I wish with the message and all other messages from your domain, by
posting the message you agree that your long legalistic sig is void.






Re: [Fwd: Re: Spamassasin over RBL, was Re: rblsmtpd -t?]

2002-05-07 Thread Jason Lim


  Okay... in that case, you can block virtually ALL the large network
  providers and hosting providers like Sprint, UUnet, Level3, etc.,
  because nearly all of them have some sort of spam problem, big or
  small. I know of virtually no large provider that has not had 1 single
  complaint of spam about them.

 if they are running an open relay then i will block them.  if they allow
 spammers to hide on their network then i will block them.


You are *ONLY* concerned with open relays?

What about all the spam that is direct to MX or uses the ISP's mail
server?


 why the hell should an RBL care how big an ISP is?  it's not
 relevant - they're either part of the spam problem or they're
 not.  size doesn't come into it.
 
  Okay... go ahead and block Sprint, UUnet, Level3, Hotmail, YahooMail,
  and all other providers with spam complaints.

 i don't have a problem with blocking servers belonging to any of the
 above - if they are part of the spam problem (whether due to
 incompetence or greed), they should be black-listed.

Ah ha... but Sprint was blocked by some RBLs... not just an IP or server
of Sprint, all of Sprint's netblocks.

Apparently, as you say, that is the only way for them to wake up (as
collateral damage costs the ISP money), and that is how all the manual
RBLs work. Spamcop blocks individual IPs... ah... are you contradicting
yourself?


  On the other hand, Hotmail getting 100 complaints when they have...
  what... 10M email accounts (or more?), would be plain stupid.

 if hotmail runs an open relay then it should be black-listed.

  It is all relative. And to say otherwise is plainly foolish.

 no, it's not relative.  there is an absolute, black-and-white criteria
 which you are too stupid to see:  if a site is part of the spam problem
 then it should be black-listed.  if it is not part of the problem then
 it shouldn't be listed.

Then go ahead and block UUnet's netblocks, as well as Sprint, Level3, and
all the other big company's netblocks, because I doubt you will find one
big company with a spotless spam record.



   a bad (i.e. spamhaven) ISP should be blacklisted regardless of their
   size.  good ISPs shouldn't be blacklisted.
 
  Your definition of good and bad is so subjective it isn't worth
  commenting on.

 to the contrary, your lowbrow definition is subjective - relying on
 arbitrary and irrelevant criteria like ISP size.

An ISP's size is arbitrary and irrelevant, while good and bad is
clear. If you say so.

 mine is purely objective: is a site part of the spam problem or not?  do
 they originate or relay spam?  if yes, then they are bad so blacklist
 them. if not, then don't.

THEN go ahead and block UUnet's netblocks, as spam is proven to originate
with them. Sprint, Level3, Reach, and a whole host of the big networks all
have proven to have spam originate with them. Go ahead and blacklist them,
and see what you are left with.

  I work with facts and figures. Spamcop does the same... if a host is
  considered to have above 2% email as spam, or something like that,
  then it will block that host. So therefore, if UUnet (good or bad)
  sends out 10M emails per day, and Spam complaints are 1000, then
  okay... but if a tiny host sends out 500K emails, and spam complaints
  are also 1K, then obviously they have a problem.

 this idea is brain-damaged.  all it does is allow spammers to hide in
 the volume of larger ISP...they can get away with spamming (and the ISP
 can get away with signing pink contracts) as long as they keep the spam
 under X percent of the total volume.

Well, if they did that, then obviously the volume of spam would rise, and
then the % of spam to email volume would increase, and hence they would
end up blocked.

 hosting or relaying for a spammer is not suddenly OK just because you
 send millions of emails a day.  it's wrong if you send only 1 email/day,
 and it's still wrong if you send 10 billion emails/day.

Very good. Then please, go ahead and block virtually every large host (and
since you said even tiny hosts with 1 email/day), and every small host
with any spam complaints against it.







Re: [Fwd: Re: Spamassasin over RBL, was Re: rblsmtpd -t?]

2002-05-07 Thread Jason Lim


 [SNIP]
  no, it's not relative.  there is an absolute, black-and-white criteria
  which you are too stupid to see:  if a site is part of the spam problem
  then it should be black-listed.  if it is not part of the problem then
  it shouldn't be listed.

 Pray tell then, *when* is a site part of the spam problem?

 Please share your infallible, absolute, black-and-white criteria for
 that, because obviously we were missing it all along.


And if he can answer that, we've solved the spam problem altogether!
Fantastic!






Re: [Fwd: Re: Spamassasin over RBL, was Re: rblsmtpd -t?]

2002-05-07 Thread Jason Lim


  2. is the site a spam source?

 That's my point. *Where* is your threshold? *When* do you, with absolute
 certainty, conclude that a site is a spam source?


Actually, he sort of answered you...

 if any of the above are true, then the site should be black-listed.
 regardless of company size.

So, with 1 spam complaint against it, regardless of size, then that
company should be blacklisted.

I am still wondering why he hasn't blacklisted UUnet, Level3, and other
large ISP's netblocks, since many of them do have spam originate with
them.






Re: [Fwd: Re: Spamassasin over RBL, was Re: rblsmtpd -t?]

2002-05-07 Thread Emile van Bergen

On Tue, 7 May 2002, Russell Coker wrote:

 On Tue, 7 May 2002 18:21, Emile van Bergen wrote:

  You must be kidding. This is a list that considers people who don't use
  their provider's MTA as trespassers (quote from MAPS' information page
  about this list), and assumes dialup/DSL people to be guilty by default.
 
  Making the ISP accountable for the mail sent by their customers by
  having it forced through their MTA in this way is a senseless way of
  approaching the problem, IMHO.

 No it is a quite sensible way of doing it.  When an ISP has 64,000 phone
 lines with associated IP addresses in active use then a spammer can just make
 repeated connections with different IP addresses to send out spam.  Blocking
 one of the IP addresses used by a dial-up will do no good, as the person
 using it by that time probably isn't the spammer!

Of course. As said, if the list causes only people with *dynamic* IPs to
be forced to use their ISP's MTA, I'd agree that it's a very good idea.

But if we start using a policy that declares all endpoint-to-endpoint
mail illegal, allowing the direct to MX SMTP privilege only to large(r)
sites, then we'll set ourselves back to some form of uucp, and
practically start to advocate a single policing global mail hub that's
in the end responsible for everyone's mail. I'm sure it would require a
MS Passport account ;-)

I'd *hate* that to happen -- it defeats the point of the internet
itself, where individual people aren't just hapless consumers but
can be producers as well if they choose to.

[SNIP good points about pressuring ISPs to act responsibly]

But where do you stop the accountability chain? At which point (size!)
do sites become responsible for their own actions?

Indeed, the only sensible answer seems to be if it has a fixed IP
address. Not whether they are intermittently connected, whether they
use PPP, or what their bandwidth is. That has nothing to do with it.

In short, dialup is the wrong name. It should be dynamic IP.

Cheers,


Emile.

--
E-Advies / Emile van Bergen   |   [EMAIL PROTECTED]
tel. +31 (0)70 3906153|   http://www.e-advies.info






Re: [Fwd: Re: Spamassasin over RBL, was Re: rblsmtpd -t?]

2002-05-07 Thread Jason Lim


  1. is the site an open relay?

 Most people here agree on this, but you'll still see some debate,
 particularly about the distinction between relays that are merely open and
 relays that have been actively abused.  Some people think that we shouldn't
 block an open relay until it's spammed us.

I believe in innocent until proven guilty. But that's me.

And I also believe in it, because it is very possible that one of the
tests to determine if it is an open-relay is braindead... what if I made a
mail server that pretends it will relay email, but in fact does not, and
actually records the IP that tried to abuse the open relay and reports it
to the admins (i consider that very whitehat)? My point is that the test
is not foolproof either... unlike your everything is black and white
stance.

This world is not black or white... if only it were.


  3. does the site host any spamvertised sites?

 That is not inherently wrong.  If someone who is paying one of my clients for
 legitimate web serving and spamvertises it through another ISP then I won't
 immediately take the site down.  Firstly it's an issue for the other ISP to
 stop the spam being sent.  Then I have to be convinced that the spam was sent
 out by the owner of the site before I will consider taking it down (otherwise
 if you don't like a site you can spamvertise it to get it taken down).

Actually, we have experienced this. A number of our clients have those
affiliate programs, and every now and then, one of their affiliates
decides to promote via spam. We will not take them down straight away...
because we have worked with our clients and know they will remove that
affiliate.









Re: [Fwd: Re: Spamassasin over RBL, was Re: rblsmtpd -t?]

2002-05-07 Thread Jason Lim


 Of course. As said, if the list causes only people with *dynamic* IPs to
 be forced to use their ISP's MTA, I'd agree that it's a very good idea.

Very good idea... but how is the RBL going to stay so up-to-date with what
is static, what is dynamic, etc.? It sounds good, but would be a logistic
and administrative nightmare to keep it all current. Or has this been
automated (or some other way)?


 But if we start using a policy that declares all endpoint-to-endpoint
 mail illegal, allowing the direct to MX SMTP privilege only to large(r)
 sites, then we'll set ourselves back to some form of uucp, and
 practically start to advocate a single policing global mail hub that's
 in the end responsible for everyone's mail. I'm sure it would require a
 MS Passport account ;-)

Good grief... don't give Micro$oft any MORE ideas ;-)



 But where do you stop the accountability chain? At which point (size!)
 do sites become responsible for their own actions?

 Indeed, the only sensible answer seems to be if it has a fixed IP
 address. Not whether they are intermittently connected, whether they
 use PPP, or what their bandwidth is. That has nothing to do with it.

 In short, dialup is the wrong name. It should be dynamic IP.


This sounds good to me.

If it is a dynamic IP, then they can keep redialing (if dialup) and hence
get around Spamcop's blocks. SO, block the dynamic IPs, then use Spamcop
to handle the static IPs.
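
The two-stage policy proposed in the message above (a dynamic-address list first, then a per-IP list), as an added example that is not part of the original thread. dynablock.wirehub.net is the zone named earlier in the thread; bl.spamcop.net as Spamcop's zone, the 127.0.0.0/8 answer convention check, and the stub resolver with its constructed records are assumptions of this sketch.

```python
import ipaddress
import socket

DYNAMIC_ZONE = "dynablock.wirehub.net"  # dynamic-IP list named in the thread
PER_IP_ZONE = "bl.spamcop.net"          # assumed zone name for the per-IP list


def dnsbl_query_name(ip, zone):
    """Build the DNS name a DNSBL client looks up for `ip` in `zone`.

    IPv4 octets (or IPv6 nibbles) are reversed and prefixed to the zone,
    so 192.0.2.25 in zone example.org becomes 25.2.0.192.example.org.
    """
    pointer = ipaddress.ip_address(ip).reverse_pointer
    # reverse_pointer ends in ".in-addr.arpa" or ".ip6.arpa"; drop that suffix.
    reversed_part = pointer.rsplit(".", 2)[0]
    return f"{reversed_part}.{zone}"


def system_resolver(name):
    """Return the A records for `name`, or [] when the name does not exist."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def is_listed(ip, zone, resolver):
    """True only if the zone answers with an address in 127.0.0.0/8.

    Any other answer (for example a parked or wildcarded zone that resolves
    every name to a web server) is treated as "not listed", so a dead list
    cannot silently reject all mail.
    """
    for answer in resolver(dnsbl_query_name(ip, zone)):
        try:
            if ipaddress.ip_address(answer) in ipaddress.ip_network("127.0.0.0/8"):
                return True
        except ValueError:
            continue
    return False


def smtp_decision(ip, resolver=system_resolver):
    """Apply the thread's ordering: dynamic-address list, then per-IP list."""
    if is_listed(ip, DYNAMIC_ZONE, resolver):
        return ("reject", DYNAMIC_ZONE)
    if is_listed(ip, PER_IP_ZONE, resolver):
        return ("reject", PER_IP_ZONE)
    return ("accept", None)


# Constructed zone contents for an offline run (documentation address ranges).
CONSTRUCTED_ZONE_DATA = {
    "77.100.51.198.dynablock.wirehub.net": ["127.0.0.2"],
    "25.2.0.192.bl.spamcop.net": ["127.0.0.2"],
    # A non-127 answer, as a wildcarded zone would give; must not count.
    "9.113.0.203.dynablock.wirehub.net": ["203.0.113.80"],
}


def fake_resolver(name):
    return CONSTRUCTED_ZONE_DATA.get(name, [])


if __name__ == "__main__":
    for client in ("198.51.100.77", "192.0.2.25", "203.0.113.9"):
        print(client, smtp_decision(client, fake_resolver))
```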






Re: [Fwd: Re: Spamassasin over RBL, was Re: rblsmtpd -t?]

2002-05-07 Thread Emile van Bergen

On Tue, 7 May 2002, Jason Lim wrote:

  Of course. As said, if the list causes only people with *dynamic* IPs to
  be forced to use their ISP's MTA, I'd agree that it's a very good idea.

 Very good idea... but how is the RBL going to stay so up-to-date with what
 is static, what is dynamic, etc.? It sounds good, but would be a logistic
 and administrative nightmare to keep it all current. Or has this been
 automated (or some other way)?

See http://www.mail-abuse.org/dul/adding.htm.

Cheers,


Emile.

--
E-Advies / Emile van Bergen   |   [EMAIL PROTECTED]
tel. +31 (0)70 3906153|   http://www.e-advies.info






Re: [Fwd: Re: Spamassasin over RBL, was Re: rblsmtpd -t?]

2002-05-07 Thread Russell Coker

On Tue, 7 May 2002 19:48, Jason Lim wrote:
 And I also believe in it, because it is very possible that one of the
 tests to determine if it is an open-relay is braindead... what if I made a
 mail server that pretends it will relay email, but in fact does not, and
 actually records the IP that tried to abuse the open relay and reports it
 to the admins (i consider that very whitehat)? My point is that the test
 is not foolproof either... unlike your everything is black and white
 stance.

If you can send a cryptographically signed message to a mail server 
outside your network and addressed to a machine in your network, if you 
receive it at its destination and the crypto sign matches then you know it's 
an open relay.

 This world is not black or white... if only it were.

Open relay tests are very black or white.

-- 
If you send email to me or to a mailing list that I use which has 4 lines
of legalistic junk at the end then you are specifically authorizing me to do
whatever I wish with the message and all other messages from your domain, by
posting the message you agree that your long legalistic sig is void.
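
The signed-probe relay test described in the message above, as an added example that is not part of the original thread: a tester builds a probe whose header is bound to the relay under test, and only a probe that actually arrives at the tester's own mailbox with a valid tag counts as proof. The HMAC used as the "signature", the header name X-Relay-Probe, the one-hour validity window and all addresses are assumptions of this sketch.

```python
import hashlib
import hmac
import secrets
from email import message_from_string
from email.message import EmailMessage

PROBE_HEADER = "X-Relay-Probe"  # hypothetical header name
MAX_AGE = 3600                  # seconds a probe stays valid (assumption)


def _mac(key, relay_ip, nonce, issued):
    """Keyed tag binding the probe to one relay, one nonce and one time."""
    payload = f"{relay_ip}|{nonce}|{issued}".encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def make_probe(key, relay_ip, sender, recipient, now):
    """Build the test message to hand to the relay under test.

    `recipient` is a mailbox the tester controls on a different network
    from the relay, so delivery is only possible if the relay forwards
    mail for third parties.
    """
    nonce = secrets.token_hex(8)
    issued = int(now)
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = "relay test"
    tag = _mac(key, relay_ip, nonce, issued)
    msg[PROBE_HEADER] = f"{relay_ip} {nonce} {issued} {tag}"
    msg.set_content("Automated open-relay test; no action needed.\n")
    return msg


def verify_delivery(key, raw_message, now, seen_nonces):
    """Return the relay IP proven open by a delivered message, else None.

    Rejects messages without a probe header, with a tag that does not
    verify (forged or altered), older than MAX_AGE, or already counted.
    """
    value = message_from_string(raw_message).get(PROBE_HEADER)
    if value is None:
        return None
    parts = value.split()  # also absorbs header folding whitespace
    if len(parts) != 4:
        return None
    relay_ip, nonce, issued, tag = parts
    if not issued.isdigit():
        return None
    if not hmac.compare_digest(tag, _mac(key, relay_ip, nonce, issued)):
        return None
    if now - int(issued) > MAX_AGE or nonce in seen_nonces:
        return None
    seen_nonces.add(nonce)
    return relay_ip


if __name__ == "__main__":
    key = b"constructed-demo-key"
    probe = make_probe(key, "192.0.2.25", "probe@example.org",
                       "trap@example.net", 1020000000)
    delivered = probe.as_string()  # stands in for the copy that arrived
    print(verify_delivery(key, delivered, 1020000100, set()))
```

A server that accepts the probe at SMTP time but never forwards it produces no delivered message, so `verify_delivery` is never reached and nothing is recorded against it.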






Re: [Fwd: Re: Spamassasin over RBL, was Re: rblsmtpd -t?]

2002-05-07 Thread cfm

On Tue, May 07, 2002 at 06:55:29PM +1000, Craig Sanders wrote:
 On Tue, May 07, 2002 at 10:21:30AM +0200, Emile van Bergen wrote:
 
  and assumes dialup/DSL people to be guilty by default.
 
 Dynamic IP address is the criteria.
 
 seems like a perfectly reasonable assumption to me.   in my experience,
 all mail which comes directly from a dynamic IP *IS* spam.
 
 the tiny handful of hobbyists with their own domains hosted on a dynamic
 IP with linux or freebsd should quit whining and use their ISP's mail
 server.  or get themselves a uucp over tcp mail feed.  or batched smtp
 over ssh.  or similar.  frankly, if they're not competent to do any of
 these things then they're not competent enough to be running a mail
 server on the internet.

We operate in one of the older RoadRunner areas and have been providing
that service for years for hobbyists.  100:1 any such hobbyist can
find that equivalent anywhere in the world.

 
  Making the ISP accountable for the mail sent by their customers by
  having it forced through their MTA in this way is a senseless way of
  approaching the problem, IMHO.
 
 making ISPs responsible for the mail sent by their customers is the ONLY
 thing that actually works.

Yes, and the only times we've been blacklisted was when our customers
turned out to be running open relays on their shiny new NT boxes.

Many cable modem systems provide static addresses.  This gets really
sticky, because lately we've been getting a lot of spam from them. The
local abuse/postmaster@isp merely disclaims responsibility and forwards
complaints to the operator.  Just local here in Portland Maine there
are some 3000 businesses on cable; as more and more of them start
running their own SMTP servers and plugging in CDROM email databases
this problem will mushroom.  The damage a spammer can do from dialup
is nothing compared to what he can do on a 2M cable connection with
a linux box and powerful MTA.

The only entity that can do anything is the ISP.  They have to be
responsible for the mail their customers send.

cfm



 
 craig
 
 -- 
 craig sanders [EMAIL PROTECTED]
 
 Fabricati Diem, PVNC.
  -- motto of the Ankh-Morpork City Watch
 
 
 -- 
 To UNSUBSCRIBE, email to [EMAIL PROTECTED]
 with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

-- 

Christopher F. Miller, Publisher   [EMAIL PROTECTED]
MaineStreet Communications, Inc   208 Portland Road, Gray, ME  04039
1.207.657.5078 http://www.maine.com/
Content/site management, online commerce, internet integration, Debian linux






Re: [Fwd: Re: Spamassasin over RBL, was Re: rblsmtpd -t?]

2002-05-07 Thread Emile van Bergen

Hi,

On Tue, 7 May 2002, [EMAIL PROTECTED] wrote:
 On Tue, May 07, 2002 at 06:55:29PM +1000, Craig Sanders wrote:
  On Tue, May 07, 2002 at 10:21:30AM +0200, Emile van Bergen wrote:
 
   Making the ISP accountable for the mail sent by their customers by
   having it forced through their MTA in this way is a senseless way of
   approaching the problem, IMHO.
 
  making ISPs responsible for the mail sent by their customers is the ONLY
  thing that actually works.

Don't skip the part that says by having it forced through the ISP's
MTA.

I agree with the point of holding ISPs responsible for spammers on their
network, just not with the 'solution' of forcing all mail to go through
their MTA, at least when static IPs are concerned.

They can be blocked on an IP-by-IP basis, and the ISP can easily
disconnect the customer to which the IP belongs.

 Yes, and the only times we've been blacklisted was when our customers
 turned out to be running open relays on their shiny new NT boxes.

 Many cable modem systems provide static addresses.  This gets really
 sticky, because lately we've been getting a lot of spam from them. The
 local abuse/postmaster@isp merely disclaims responsibility and forwards
 complaints to the operator.  Just local here in Portland Maine there
 are some 3000 businesses on cable; as more and more of them start
 running their own SMTP servers and plugging in CDROM email databases
 this problem will mushroom.  The damage a spammer can do from dialup
 is nothing compared to what he can do on a 2M cable connection with
 a linux box and powerful MTA.

 The only entity that can do anything is the ISP.  They have to be
 responsible for the mail their customers send.

That's all fine, but then the solution is to hold the ISP responsible if
he leaves a known spammer connected, *not* to force their customers to
use their MTA.

Both the connectivity and the MTA service are subject to some acceptable
use policy. The ISP does not need the MTA as an extra gatekeeper for
blocking spammers - he can just disconnect them, if he's good willing.

If he isn't, the rest of the world does not need to be able to block an
ISP's MTA to be able to pressure the ISP to disconnect spammers; they can
just block his customer netblocks instead.

That's a much cleaner solution than to force sites (that have a static
IP) to use some ISP's MTA, because you don't have to decide at which size
or connectedness you draw the line.

Cheers,


Emile.

--
E-Advies / Emile van Bergen   |   [EMAIL PROTECTED]
tel. +31 (0)70 3906153|   http://www.e-advies.info






Re: [Fwd: Re: Spamassasin over RBL, was Re: rblsmtpd -t?]

2002-05-06 Thread Craig Sanders

On Sun, May 05, 2002 at 11:48:10PM +1000, Jason Lim wrote:
 This is why Spamcop's collateral damage is much lower than others in
 that it does not block entire ranges, and which is why it is suitable
 for an ISP or Hosting company to use.

both of the above assertions are false.

spamcop does NOT have lower (let alone much lower) collateral damage
than other RBL's - in fact, it has a MUCH HIGHER level of collateral
damage than professionally run RBLs.

Nor is it at all suitable for use by ISP or hosting companies.  at best,
it might be suitable for use by a hobbyist who didn't care much about
collateral damage.

craig

-- 
craig sanders [EMAIL PROTECTED]

Fabricati Diem, PVNC.
 -- motto of the Ankh-Morpork City Watch






Re: [Fwd: Re: Spamassasin over RBL, was Re: rblsmtpd -t?]

2002-05-06 Thread Jason Lim

 On Sun, May 05, 2002 at 11:48:10PM +1000, Jason Lim wrote:
  This is why Spamcop's collateral damage is much lower than others in
  that it does not block entire ranges, and which is why it is suitable
  for an ISP or Hosting company to use.

 both of the above assertions are false.

 spamcop does NOT have lower (let alone much lower) collateral damage
 than other RBL's - in fact, it has a MUCH HIGHER level of collateral
 damage than professionally run RBLs.

 Nor is it at all suitable for use by ISP or hosting companies.  at best,
 it might be suitable for use by a hobbyist who didn't care much about
 collateral damage.

It would be useful if you backed up your point with some sort of evidence
or proof.

My point is that the collateral damage is lower, due to the fact that
entire IP ranges are not blocked, and hence it is useful for hosting
companies and ISPs.

What is yours? What fact do you have to prove otherwise? How does
blocking entire IP ranges like other RBLs lower collateral damage?

Sincerely,
Jason






Re: [Fwd: Re: Spamassasin over RBL, was Re: rblsmtpd -t?]

2002-05-06 Thread Craig Sanders

On Mon, May 06, 2002 at 04:31:24PM +1000, Jason Lim wrote:
 It would be useful if you backed up your point with some sort of
 evidence or proof.

you're the one making the claim - the onus is on YOU to *prove* that
spamcop has a lower collateral damage than other RBLs.

 My point is that the collateral damage is lower, due to the fact that
 entire IP ranges are not blocked, and hence it is useful for hosting
 companies and ISPs.

your theoretical point isn't worth very much, especially when practical
experience directly contradicts your theory.
 
 What is yours? What fact do you have to prove otherwise? How does
 blocking entire IP ranges like other RBLs lower collateral damage?

professionally run RBLs block genuine spam sources - including open
relays.

operations like spamcop can automatically blacklist any IP address which
happens to be mentioned (or forged) in the headers of any message that
any moron user forwards to the spamcop system.  this kind of idiot
automation results in much higher collateral damage.

craig

-- 
craig sanders [EMAIL PROTECTED]

Fabricati Diem, PVNC.
 -- motto of the Ankh-Morpork City Watch






Re: [Fwd: Re: Spamassasin over RBL, was Re: rblsmtpd -t?]

2002-05-06 Thread Russell Coker

On Tue, 7 May 2002 01:49, Marc Haber wrote:
 On Sun, 5 May 2002 23:48:10 +1000, Jason Lim [EMAIL PROTECTED]

 wrote:
 Hold on... IS any spam coming from t-online, gmx and web.de?

 Yes. But if you want to get rid of _any_ spam, shut down your MTA.
 Which will yield about the same effect than using Spamcop as a German
 ISP.

Have you sent an email to the administrators of spamcop informing them of the 
sizes of the ISPs in question?

It seems that everyone who's complaining about spamcop has not done so.  
Using a DNSBL without taking note of the procedures for using it (in this
case informing them of the size of a big ISP that seems to get hit too 
easily) is not the smart thing to do...

-- 
If you send email to me or to a mailing list that I use which has 4 lines
of legalistic junk at the end then you are specifically authorizing me to do
whatever I wish with the message and all other messages from your domain, by
posting the message you agree that your long legalistic sig is void.






Re: [Fwd: Re: Spamassasin over RBL, was Re: rblsmtpd -t?]

2002-05-06 Thread Craig Sanders

On Tue, May 07, 2002 at 10:29:41AM +1000, Russell Coker wrote:
 Have you sent an email to the administrators of spamcop informing them
 of the sizes of the ISPs in question?

why the hell should I, or anyone else, have to go out of my way to
inform some third party how large the ISP i work for is?  or how much
mail volume passes through the mail server.  even ignoring the fact that
that could be commercial in-confidence information, isn't the act of
demanding that just as bad as reply with REMOVE to unsubscribe?

what happens next week when rival company spampig starts up, followed by
spambusters inc, and a dozen more competitors over as many weeks.
should i have to submit my details to all of them just because they want
to run a business?

 It seems that everyone who's complaining about spamcop has not done
 so.  Using a DNSBL without taking note of the procedures for using it
 (in this case informing them of the size of a big ISP that seems to
 get hit too easily) is not the smart thing to do...

the people who are complaining about spamcop are NOT using it.  the
people complaining are those who have been adversely affected by
spamcop's idiot automation.

there are many RBLs around.  some good, some bad.  spamcop is one of the
worst.

at least the other RBLs have technical criteria for being listed - i.e.
running an open relay or proof of being a repeat spam source.  by
contrast, even forged Received: headers can get you listed in spamcop's
RBL.


craig

-- 
craig sanders [EMAIL PROTECTED]

Fabricati Diem, PVNC.
 -- motto of the Ankh-Morpork City Watch






Re: [Fwd: Re: Spamassasin over RBL, was Re: rblsmtpd -t?]

2002-05-06 Thread Jason Lim


And Spamcop does *NOT* block entire ranges of IPs like other RBLs, so it
is virtually impossible for you to say that t-online, gmx and web.de are
blocked. Only the spamming IPs within their ranges would be blocked, NOT
the entire range.

T-Online does Port 25 blocking, forcing you to use their smarthost.
GMX and web.de are e-mail only services and offer SMTP-AUTH-based
e-mail services. If their smarthost gets blocked, I dare to say that
T-Online is blocked. I couldn't receive _any_ e-mail from _any_
T-Online user for a week, which virtually means shutting me off from
Germany's largest-by-far end-user ISP.

In that case, T-Online will not have a problem, as the user's IP will be
blocked, not the mail server, UNLESS T-Online has setup their mail server
to hide their user's IP, which most ISPs do not do.

On the other hand, it would be weird if GMX and web.de only have 1
outgoing mail server. I assume that they, like hotmail and other freemail
services, would have many multiple outgoing mail servers to handle their
traffic (just for example, mail12.web.de, mail6.web.de, etc.). Then only
one of the mail servers, at most, would be blocked.

And anyway, spam really shouldn't be able to come out of web-based email
services. Don't they have rate-limiting or anything like that implemented?
I know that even with Hotmail's service, if you set it up on Outlook
Express to bypass their web-based login, that your IP *does* show up in
the email sent. Your IP does not show up if you login via the web, but
then, you cannot send many emails. So there is a trade-off... so web-based
email providers would all probably be smart enough to implement a similar
system, right?

Then, if GMX and these other ISPs kick out that spammer, after 1 week that
IP is again clear, so it can again send email.

Great. After two hours, I'd have customers complaining.

True, but I was assuming that these companies have more than one IP, and
more than one mail server.

And as I said, a dialup/broadband ISP will not have a problem, as the
block IP will be that of their customer, not of their mail server.

A web-based freemail provider will also not have a problem, as they
*should* implement rate-limiting on their outgoing mail (to stop people
sending 1,000 emails/day from their account, and other silly things like
that).

Now, if gmx and web.de allow people to send unlimited emails from their
account, and other stupid things like that, then perhaps they will be
blocked. But would they be that stupid?








Re: [Fwd: Re: Spamassasin over RBL, was Re: rblsmtpd -t?]

2002-05-06 Thread Jason Lim



 On Tue, May 07, 2002 at 10:29:41AM +1000, Russell Coker wrote:
  Have you sent an email to the administrators of spamcop informing them
  of the sizes of the ISPs in question?

 why the hell should I, or anyone else, have to go out of my way to
 inform some third party how large the ISP i work for is?  or how much
 mail volume passes through the mail server.  even ignoring the fact that
 that could be commercial in-confidence information, isn't the act of
 demanding that just as bad as reply with REMOVE to unsubscribe?

Well, what happens when you are listed in OTHER RBLs then? In those cases,
you would have an even more interesting time. Let us see:

From the BLARS RBL (http://www.blars.org/errors/block.html):
---
If you would like a site be added or removed from BlarsBL, you may hire
Blars at his normal consulting rates (currently $250/hour, 2 hour minimum,
$1000 deposit due in advance for non-established customers) to investigate
your evidence about the site. If it is found that the entry was a mistake,
no charge will be made and the entire deposit will be refunded. Send Blars
email from a non-listed account to verify current rates and arrange
payment.
---


From SPEWS RBL (http://www.spews.org/faq.html):
---
Q41: How does one contact SPEWS?
A41: One does not. SPEWS does not receive email - it's just an automated
system and website, SPEWS and other blocklist issues can be discussed in
the public forums mentioned above... Note that posting messages in these
newsgroups & lists will not have any effect on SPEWS listings

Q42: My IP address/range is being listed by SPEWS but I'm not a spammer
and I just signed up for this/these address(s). What can I do to be
removed from the list?
A42: SPEWS is just an automated system, if spam or spam involvement
(hosting spammers, selling spamware) from your IP address/range ceases, it
will drop out of the list in time. If you wish, you can discuss SPEWS and
blocklist related issues in the public forums mentioned above. A SPEWS
editor or developer should see the postings and may double check the
listing if you feel it is a mistake, putting the text SPEWS: in the
subject can help. Will this get you removed from a SPEWS listing? No, not
if there are problems with your host. In fact, the first step you need to
take is to complain to your host about the listing, in almost all cases
they are the only people who can get an address/range out of the SPEWS
list. Do note that your addresses may be listed due to a larger spam
related problem with your host, in that case they will not be removed
until the problem is fixed.
---


With those services, you have to *BEG* your way out of them. At least with
Spamcop, if you are listed, the admins are more than happy to work with
you... instead of hiding themselves.


 what happens next week when rival company spampig starts up, followed by
 spambusters inc, and a dozen more competitors over as many weeks.
 should i have to submit my details to all of them just because they want
 to run a business?


Um... no... because many RBLs say that they don't care how large an ISP is
(eg. Sprint), they will still block them. In Spamcop's case, it won't ban
large ISPs, because if you tell them a general figure for the mail volume,
it will take that into consideration.

 at least the other RBLs have technical criteria for being listed - i.e.
 running an open relay or proof of being a repeat spam source.  by
 contrast, even forged Received: headers can get you listed in spamcop's
 RBL.


Spamcop also has clearly defined policy.

Forged headers? I report spam to spamcop almost daily when I have the
time, and rarely does it have a problem. You are underestimating Spamcop's
ability... have you ever tried reporting spam to it, and looking at the
way it analyses items? Go sign up for a free reporting account, and you
will soon see what Spamcop can really do.






Re: [Fwd: Re: Spamassasin over RBL, was Re: rblsmtpd -t?]

2002-05-06 Thread Craig Sanders

On Tue, May 07, 2002 at 11:16:58AM +1000, Jason Lim wrote:
  On Tue, May 07, 2002 at 10:29:41AM +1000, Russell Coker wrote:
   Have you sent an email to the administrators of spamcop informing them
   of the sizes of the ISPs in question?
 
  why the hell should I, or anyone else, have to go out of my way to
  inform some third party how large the ISP i work for is?  or how much
  mail volume passes through the mail server.  even ignoring the fact that
  that could be commercial in-confidence information, isn't the act of
  demanding that just as bad as reply with REMOVE to unsubscribe?
 
 Well, what happens when you are listed in OTHER RBLs then? In those cases,
 you would have an even more interesting time. Let us see:
 
 From the BLARS RBL (http://www.blars.org/errors/block.html):

yes, you quoted this before.  who gives a shit?  who's even heard of
BLARS RBL before?  there are hundreds of crappy little RBLs around,
most of them run by complete morons.

your argument seems to be that because BLARS RBL has arsehole policies,
that spamcop can do whatever it likes.

 From SPEWS RBL (http://www.spews.org/faq.html):
 ---
 Q41: How does one contact SPEWS?
 A41: One does not. SPEWS does not receive email - it's just an automated
 system and website, SPEWS and other blocklist issues can be discussed in
 the public forums mentioned above... Note that posting messages in these
 newsgroups & lists will not have any effect on SPEWS listings

the fact is that SPEWS lists known spam sources.  this is good.  i
*WANT* known spam sources to be blocked.  I don't want to receive mail
from known spam sources.  you seem to think that there's something wrong
with this.

i've been using SPEWS-enabled RBLs for over a year now, with no
noticeable(*) collateral damage from them.  i've been using them on my home
mail server which handles about 3000-5000 messages/day.  i've been using
it on my main work mail server which handles over 75000 messages/day.
i've been using it on several other mail servers.  SPEWS does *NOT*
represent a collateral damage problem.

so, for all your whining about SPEWS, there's actually no real problem.
hard to believe, considering the amount of noise you've been making
about it.


(*) meaning: I examine my mail logs closely every day and I haven't
noticed any; and none of my users has ever complained about legitimate
mail being rejected due to false positives from SPEWS.


  what happens next week when rival company spampig starts up,
  followed by spambusters inc, and a dozen more competitors over as
  many weeks.  should i have to submit my details to all of them just
  because they want to run a business?
 
 Um... no... because many RBLs say that they don't care how large an

you miss the point and head off on an irrelevant tangent.  never mind,
your tangent is easily dismissed too.

 ISP is (eg. Sprint), they will still block them. In Spamcop's case, it
 won't ban large ISPs, because if you tell them a general figure for
 the mail volume, it will take that into consideration.

why the hell should an RBL care how big an ISP is?  it's not relevant -
they're either part of the spam problem or they're not.  size doesn't
come into it.

that's one of the problems with spamcop.  if a host deserves to be
listed in an RBL, then it should be listed regardless of how large the
ISP is.  otherwise you end up with notorious spam-havens like uunet
being immune to listing no matter how many pink contracts they sign,
while small ISPs get listed just because some vermin spammer forged
their IP address in a Received line.


  at least the other RBLs have technical criteria for being listed -
  i.e.  running an open relay or proof of being a repeat spam source.
  by contrast, even forged Received: headers can get you listed in
  spamcop's RBL.
 
 Spamcop also has clearly defined policy.

so?  their policy is still moronic, whether it's clearly defined or not.

 Forged headers? I report spam to spamcop almost daily when I have the
 time, and rarely does it have a problem. 

rarely is not the same as never.  rarely just means that there is a
fundamental flaw in their method but that nobody has decided to use
spamcop to attack a third party's ability to communicate yet.  it would
be trivial to write a script to do so.

it's also obvious just from looking at headers in spam that spammers are
definitely aware of how spamcop works and are deliberately forging IP
addresses and domain names belonging to anti-spammers.


 You are underestimating Spamcop's ability... 

not at all.  i've seen the results of spamcop's ability.  


 Go sign up for a free reporting account, and you will soon see what
 Spamcop can really do.

i don't want an account from spamcop.  i think they are incompetent
morons.  all my encounters with them so far confirm that opinion.


craig

-- 
craig sanders [EMAIL PROTECTED]

Fabricati Diem, PVNC.
 -- motto of the Ankh-Morpork City Watch



Re: [Fwd: Re: Spamassasin over RBL, was Re: rblsmtpd -t?]

2002-05-06 Thread Craig Sanders

On Tue, May 07, 2002 at 12:22:26PM +1000, Russell Coker wrote:
 On Tue, 7 May 2002 11:43, Craig Sanders wrote:
   ---
   Q41: How does one contact SPEWS?
   A41: One does not. SPEWS does not receive email - it's just an automated
   system and website, SPEWS and other blocklist issues can be discussed in
   the public forums mentioned above... Note that posting messages in these
   newsgroups & lists will not have any effect on SPEWS listings
 
  the fact is that SPEWS lists known spam sources.  this is good.  i
  *WANT* known spam sources to be blocked.  I don't want to receive mail
  from known spam sources.  you seem to think that there's something wrong
  with this.
 
 Jason has complained in the past about his IP addresses being listed
 in spews even though none of them has ever been used for sending spam.
 Simply because he lives in a country that contains lots of open relays
 is enough to be listed as a spammer.  Is this a better policy than
 spamcop?

well, then, all he has to do is move to another country. problem solved,
right?  after all, if it's a documented policy, it must be right and he
has no cause to complain... any more than anyone else has cause to
complain about spamcop's documented policy.

the point here is that shit happens and mistakes are made.  the solution
is to do what can be done to correct them, not use it as justification
for errors and/or stupidity by others.


personally, i suspect that jason is exaggerating the problem or
deliberately misleading as to the cause.  i use RBLs that incorporate
SPEWS data, yet i'm still capable of receiving mail from china and korea
and other asian & eastern-european countries which are known to have
huge spam & open-relay problems.  the only hosts that are rejected due
to SPEWS are those that are confirmed open relays or spam sources.

my bet is that there is some other reason for his IP address being
listed in SPEWS, and rather than fix the problem he has chosen to just
flame SPEWS.


   ISP is (eg. Sprint), they will still block them. In Spamcop's
   case, it won't ban large ISPs, because if you tell them a general
   figure for the mail volume, it will take that into consideration.
 
  why the hell should an RBL care how big an ISP is?  it's not
  relevant - they're either part of the spam problem or they're not.
  size doesn't come into it.
 
 It is relevant.  In my spare time I run two small ISPs in Melbourne.
 The total user-base of them both is 1000 users, logs are carefully
 watched, and spam incidence is almost zero.  18 months ago I was
 running one of Europe's larger ISPs with 500,000 users (probably
 comparable to the entire online population of Australia).  The amount
 of spam reports was hugely higher as you would expect primarily
 because of having a larger user base.

it's still not relevant.  a host is either a spam problem or not.  if it
is a problem, then it should be blacklisted regardless of the size of
the ISP responsible for it.  if it's not a problem, then it shouldn't be
listed.


 Blocking one of the smaller Melbourne ISPs because of 10 different
 people complaining about spam in one day is reasonable.  But blocking
 zonnet.nl for less than 500 spam reports would be totally
 unreasonable!

you seem to think that automatic blocking because there has been a
complaint is valid.

it's not.  complaints mean nothing.  any idiot can make a complaint, and
most complaints are self-evidently made by idiots.   hardly anyone who is
capable of reading headers isn't going to waste their time reporting to
spamcop, they're going to maintain their own filters instead, which
leaves the vast majority of spamcop reporters being idiots.   garbage
in, garbage out.

RBLs should only list sites that are proven to be either an open relay,
spam source, or other real problem.  listings based on complaints should
be manually checked by a human, not processed automatically with a
script.



  that's one of the problems with spamcop.  if a host deserves to be
  listed in an RBL, then it should be listed regardless of how large
  the ISP is.  otherwise you end up with notorious spam-havens like
  uunet being immune to listing no matter how many pink contracts they
  sign, while small ISPs get listed just because some vermin spammer
  forged their IP address in a Received line.
 
 Changing the weighting takes care of that.  

no, it doesn't.   weighting only makes a difference if you accept the
basic validity of the method.  the method isn't valid, it is
fundamentally flawed.


 A large ISP with a bad policy on spam could have the same weighting as
 a small ISP with a good policy.  

that's completely counterproductive.

a bad (i.e. spamhaven) ISP should be blacklisted regardless of their
size.  good ISPs shouldn't be blacklisted.

 Let's assume that the administrators of SpamCop are not stupid!

why?  that assumption contradicts all the evidence available.


  it's also obvious just from looking at headers in spam 

Re: [Fwd: Re: Spamassasin over RBL, was Re: rblsmtpd -t?]

2002-05-06 Thread Marc Haber

On Tue, 7 May 2002 10:29:41 +1000, Russell Coker
[EMAIL PROTECTED] wrote:
On Tue, 7 May 2002 01:49, Marc Haber wrote:
 Yes. But if you want to get rid of _any_ spam, shut down your MTA.
 Which will yield about the same effect than using Spamcop as a German
 ISP.

Have you sent an email to the administrators of spamcop informing them of the 
sizes of the ISPs in question?^

Why should I? After first noticing GMX in the Spamcop BL, I have
simply disabled it on my machines in its entirety. It is my firm
opinion that Spamcop sucks, and I don't intend to collaborate with
them.

There are much better blocking lists than the one with the highest
false positive rate.

Greetings
Marc

-- 
-- !! No courtesy copies, please !! -
Marc Haber  |Questions are the | Mailadresse im Header
Karlsruhe, Germany  | Beginning of Wisdom  | Fon: *49 721 966 32 15
Nordisch by Nature  | Lt. Worf, TNG Rightful Heir | Fax: *49 721 966 31 29






Re: [Fwd: Re: Spamassasin over RBL, was Re: rblsmtpd -t?]

2002-05-05 Thread Marc Haber

On Thu, 2 May 2002 21:47:07 +1000, Russell Coker
[EMAIL PROTECTED] wrote:
On Thu, 2 May 2002 19:58, Glenn Hocking wrote:
 I've found that spamcop blocks email from both GE (General Electric) and
 Pizza Hut mail servers which clients of mine need to receive.

Are the GE and Pizza Hut cases because of mis-reporting?  Or have these 
companies spammed?

Generally, I have found the Spam Cop blocking list to be much too
aggressive for being useable as a filter for an ISP. They classify
spam sources by the amount of legitimate mail they receive compared to
the amount of spam they receive.

Naturally, an english language organisation does not receive much
legitimate e-mail from Germany, so they have found to frequently list
t-online, gmx and web.de, the three largest e-mail providers for the
german speaking countries, all three of them being pure white head
when it comes to spam fighting.

I wouldn't even use the Spam Cop blocking list for generating
RBL-Warning-Headers.

Greetings
Marc

-- 
-- !! No courtesy copies, please !! -
Marc Haber  |Questions are the | Mailadresse im Header
Karlsruhe, Germany  | Beginning of Wisdom  | Fon: *49 721 966 32 15
Nordisch by Nature  | Lt. Worf, TNG Rightful Heir | Fax: *49 721 966 31 29






Re: [Fwd: Re: Spamassasin over RBL, was Re: rblsmtpd -t?]

2002-05-05 Thread Jason Lim


On Thu, 2 May 2002 21:47:07 +1000, Russell Coker
[EMAIL PROTECTED] wrote:
On Thu, 2 May 2002 19:58, Glenn Hocking wrote:
 I've found that spamcop blocks email from both GE (General Electric) and
 Pizza Hut mail servers which clients of mine need to receive.

Are the GE and Pizza Hut cases because of mis-reporting?  Or have these
companies spammed?

Generally, I have found the Spam Cop blocking list to be much too
aggressive for being useable as a filter for an ISP. They classify
spam sources by the amount of legitimate mail they receive compared to
the amount of spam they receive.

Naturally, an english language organisation does not receive much
legitimate e-mail from Germany, so they have found to frequently list
t-online, gmx and web.de, the three largest e-mail providers for the
german speaking countries, all three of them being pure white head
when it comes to spam fighting.


Hold on... IS any spam coming from t-online, gmx and web.de?

Also note that Spamcop blocks points of origination... that is, afaik, it
blocks the actual sender's IP.

Now, if your IP was 111.222.111.222 and the spammer's (which is blocked by
spamcop) is 111.222.111.223, then you would still not be affected, because
only the spammer's IP was blocked.

And Spamcop does *NOT* block entire ranges of IPs like other RBLs, so it
is virtually impossible for you to say that t-online, gmx and web.de are
blocked. Only the spamming IPs within their ranges would be blocked, NOT
the entire range.

Then, if GMX and these other ISPs kick out that spammer, after 1 week that
IP is again clear, so it can again send email. If the same IP repeatedly
gets blocked, then the period gets longer, AFAIK.

This is why Spamcop's collateral damage is much lower than others in that
it does not block entire ranges, and which is why it is suitable for an
ISP or Hosting company to use.

Sincerely,
Jason
http://www.zentek-ionternational.com






Re: Spamassasin over RBL, was Re: rblsmtpd -t?

2002-05-05 Thread Gene Grimm

Jason Lim wrote:
 
 Also note that Spamcop blocks points of origination... that is, afaik, it
 blocks the actual sender's IP.
 
 Now, if your IP was 111.222.111.222 and the spammer's (which is blocked by
 spamcop) is 111.222.111.223, then you would still not be affected, because
 only the spammer's IP was blocked.
 
 And Spamcop does *NOT* block entire ranges of IPs like other RBLs, so it
 is virtually impossible for you to say that t-online, gmx and web.de are
 blocked. Only the spamming IPs within their ranges would be blocked, NOT
 the entire range.

A question, so I can understand how SpamCop and RBLs in general work as
you understand it. Does SpamCop block the specific IP address of the
client workstation/host (as opposed to a mail server) that originated
the specific spam message or the IP address of a relay through which the
spammer sent his garbage? If it is the IP of the originating host that
is blocked, how does this work exactly. Does the mail software check the
IP address of each host that handled a message to see if it is
blacklisted? If it is a mail relay, wouldn't that seem to indicate
legitimate mail going through that service provider will be blocked as
well?
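
The mechanics behind the question above, as an added example (not code from any poster, and not a description of how SpamCop itself picks addresses): an SMTP-time DNSBL check such as rblsmtpd looks up only the IP of the connecting peer, while anything that reads Received: headers afterwards can trust only the lines its own servers wrote. The zone dnsbl.example, the trusted network and every header line are constructed for illustration.

```python
import ipaddress
import re
import socket

# Bracketed peer address as an MTA records it, e.g. "(host [192.0.2.25])".
PEER_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(ip, zone):
    """Name looked up for an IPv4 peer: octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".")


def system_resolver(name):
    """A records for name, or [] when the name does not resolve (not listed)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def is_listed(ip, zone, resolver=system_resolver):
    """Listed means the query name resolves to an address in 127.0.0.0/8."""
    answers = resolver(dnsbl_query_name(ip, zone))
    return any(ipaddress.ip_address(a) in LISTED_NET for a in answers)


def all_header_ips(received):
    """Naive view: every address mentioned in any Received line, forged or not."""
    return [ip for line in received for ip in PEER_RE.findall(line)]


def handoff_ip(received, trusted_nets):
    """Walk Received lines newest-first and return the first peer outside our
    own networks. That is the host that handed the message to us; every line
    below it was written by someone else and cannot be verified."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    for line in received:
        match = PEER_RE.search(line)
        if match is None:
            return None  # unparseable hop: stop rather than guess
        try:
            peer = ipaddress.ip_address(match.group(1))
        except ValueError:
            return None  # e.g. [999.1.1.1]
        if not any(peer in net for net in nets):
            return str(peer)
    return None  # message never left our own hosts


# Constructed sample, newest line first. The last line is the kind of entry a
# sender can insert before the message ever reaches a real server.
SAMPLE_RECEIVED = [
    "from mx1.example.net (mx1.example.net [10.0.0.5]) by store.example.net with ESMTP",
    "from relay.isp.example (relay.isp.example [192.0.2.25]) by mx1.example.net with SMTP",
    "from dialup-9.isp.example ([203.0.113.9]) by relay.isp.example with SMTP",
    "from mail.bystander.example ([198.51.100.7]) by dialup-9.isp.example with SMTP",
]
TRUSTED_NETS = ["10.0.0.0/8"]  # assumption: our own mail hosts live here

# Constructed stand-in for a DNSBL zone so the example runs offline.
CONSTRUCTED_ZONE = {"25.2.0.192.dnsbl.example": ["127.0.0.2"]}


def constructed_resolver(name):
    return CONSTRUCTED_ZONE.get(name, [])


if __name__ == "__main__":
    peer = handoff_ip(SAMPLE_RECEIVED, TRUSTED_NETS)
    print("addresses mentioned anywhere:", all_header_ips(SAMPLE_RECEIVED))
    print("address an SMTP-time check sees:", peer)
    print("query:", dnsbl_query_name(peer, "dnsbl.example"))
    print("listed:", is_listed(peer, "dnsbl.example", constructed_resolver))
```

Because the lookup key is the relay's address, a listing for 192.0.2.25 rejects every message that relay hands over, legitimate or not, which is the smarthost case raised in this thread.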






Re: Spamassasin over RBL, was Re: rblsmtpd -t?]

2002-05-04 Thread Russell Coker

On Fri, 3 May 2002 19:05, Chris Evans wrote:
 Now I'm suddenly getting two apparently separate (qwest.net and
 kornet.net) IP addresses (well, several within each domain's IP
 space) trying to relay through me at 20 minute intervals.

 I've reported qwest.net to them and don't see any point with
 kornet.net as I've never had a reply from any of my umpteen spam
 reports to them.  However, made me wonder if there was a service like
 abuse.net/spamcop that one can send the traces of such attempts to so
 that the sending IPs get reported and rbled if the volume goes up
 enough.

What's the point in having an RBL of sites trying to abuse open relays?  If a 
machine is correctly configured it won't allow relaying so this isn't needed. 
If a machine is broken enough to allow relaying then it probably doesn't have 
RBL support.

-- 
If you send email to me or to a mailing list that I use which has 4 lines
of legalistic junk at the end then you are specifically authorizing me to do
whatever I wish with the message and all other messages from your domain, by
posting the message you agree that your long legalistic sig is void.






Re: Spamassasin over RBL, was Re: rblsmtpd -t?]

2002-05-03 Thread Chris Evans

On 3 May 2002 at 7:46, Jason Lim wrote:

  Does anyone really have the time or desire to scan through all that
 mail?
 
 
 Haha... no sane person, at least ;-)

Well, I do!  But I am on this list a little under false pretences as 
I only run a very small Email list service so I don't have the volume 
of logs and error reports that many of you have to consider.  I put 
in lots of antispam traps and all the anti-relaying postfix allows.  
Now I'm suddenly getting two apparently separate (qwest.net and 
kornet.net) IP addresses (well, several within each domain's IP 
space) trying to relay through me at 20 minute intervals.  

I've reported qwest.net to them and don't see any point with 
kornet.net as I've never had a reply from any of my umpteen spam 
reports to them.  However, made me wonder if there was a service like 
abuse.net/spamcop that one can send the traces of such attempts to so 
that the sending IPs get reported and rbled if the volume goes up 
enough.  Seems to me that if a lot of us who use postfix, even 
without all the other MTAs, were to use such a thing it would become 
a damn good rbl.   

Am I wrong?  Is there such a thing?

TIA,

Chris

P.S. apologies to those who see essentially the same message on 
postfix-users!
-- 
Chris Evans [EMAIL PROTECTED]
Consultant Psychiatrist in Psychotherapy,
Rampton Hospital; Associate R&D Director,
Tavistock & Portman NHS Trust;
Hon. SL Institute of Psychiatry
*** My views are my own and not representative 
of those institutions ***






Re: Spamassasin over RBL, was Re: rblsmtpd -t?

2002-05-03 Thread Emile van Bergen

On Fri, 3 May 2002, Jason Lim wrote:

 I'm not sure, but how many ISPs still allow direct-to-MX-style mail
 sending (sending direct from the dialup or cable or whatever, without
 using additional mail servers)? I know quite a few Australian ISP that
 still allow it (not the big ones like Bigpond or Optusnet AFAIK), and many
 HK ISPs still allow it... how about in the USA and Europe?

Well, I'm in the Netherlands, and personally I'm glad to see that my ISP
(xs4all) doesn't assume that their customers are unresponsible by
default, so they don't block outgoing SMTP from dialup or DSL customers.

However, they do probe customers for open relays occasionally, and when
either that or a complaint from someone else shows that one of their
customers isn't behaving, they will block.

That is entirely the right thing to do, IMNSHO. I subscribed for full
connectivity; I run my own MTA here and I know very well how to do it,
thank you very much. I'd never, ever choose an ISP who considers their
customers guilty by default.

Next thing you know they only give you an RFC1918 address, forcing you
to surf through a proxy and to use POP3 to get your mail.

At that point the Internet's conversion from a world wide network to the
digital interactive medium for entertainment, shopping and ad-delivery
will be complete I guess.

Cheers,


Emile.

--
E-Advies / Emile van Bergen   |   [EMAIL PROTECTED]
tel. +31 (0)70 3906153|   http://www.e-advies.info






Re: Spamassasin over RBL, was Re: rblsmtpd -t?

2002-05-03 Thread Blu

On Fri, May 03, 2002 at 07:49:06PM +0200, Emile van Bergen wrote:
 On Fri, 3 May 2002, Jason Lim wrote:
 
  I'm not sure, but how many ISPs still allow direct-to-MX-style mail
  sending (sending direct from the dialup or cable or whatever, without
  using additional mail servers)? I know quite a few Australian ISP that
  still allow it (not the big ones like Bigpond or Optusnet AFAIK), and many
  HK ISPs still allow it... how about in the USA and Europe?
 
 Well, I'm in the Netherlands, and personally I'm glad to see that my ISP
 (xs4all) doesn't assume that their customers are unresponsible by
 default, so they don't block outgoing SMTP from dialup or DSL customers.
[...]
 That is entirely the right thing to do, IMNSHO. I subscribed for full
 connectivity; I run my own MTA here and I know very well how to do it,
 thank you very much. I'd never, ever choose an ISP who considers their
 customers guilty by default.

I cannot agree more. There exists some kind of worldwide spam
psychosis and a tendency to cure the headache with the decapitation method.

Blu.






Re: Spamassasin over RBL, was Re: rblsmtpd -t?

2002-05-02 Thread Jason Lim


 procmail/spamassassin process mails yes inside the server, I just
 give you a made up example:

  60 Mails incoming per Minute,

  5 seconds average Spamassassin processing time per Mail

  = 60-12 = 48 Mails per Minute  piling up on your incoming mail
  queue = 48 new Spamassassin  processes per Minute consuming your
  resources.

 While RBL throttles Mail Flow (and spares Disk space) thus protecting
 you in advance, Spamassassin puts the load on your side.

Well, they are not exactly comparable, as the rule-based Spamassassin does
things based on keywords and keyphrases and that kind of thing, while
RBLs do things based on actual spam activity. In my view, the collateral
damage of using Spamassassin's rule based blocks is too great.

The only RBL a business should really use is the Spamcop.net RBL, because
it blocks only when actual spam occurs, and not just blocks all of Asia
as some other RBLs do. I'm not going to get into the whole RBL comparison
thing, but just wanted to point out the collateral damage point.






[Fwd: Re: Spamassasin over RBL, was Re: rblsmtpd -t?]

2002-05-02 Thread Glenn Hocking

I've found that spamcop blocks email from both GE (General Electric) and 
Pizza Hut mail servers which clients of mine need to receive.

I've found that no matter what RBL list I use there is always legitimate 
mail being blocked and therefore useless for me as a global email 
service provider.

I would be very interested in any RBL lists that don't block legit 
email, but can't see how this can be done with a 100% success rate.

Cheers
Glenn Hocking
Publish Media Pty Ltd

http://www.sitegeneral.com

SNIP

 

The only RBL a business should really use is the Spamcop.net RBL, because
it blocks only when actual spam occurs, and not just blocks all of Asia
as some other RBLs do. I'm not going to get into the whole RBL comparison
thing, but just wanted to point out the collateral damage point.






Re: [Fwd: Re: Spamassasin over RBL, was Re: rblsmtpd -t?]

2002-05-02 Thread Russell Coker

On Thu, 2 May 2002 19:58, Glenn Hocking wrote:
 I've found that spamcop blocks email from both GE (General Electric) and
 Pizza Hut mail servers which clients of mine need to receive.

 I've found that no matter what RBL list I use there is always legitimate
 mail being blocked and therefore useless for me as a global email
 service provider.

A large part of the reason for this is the fact that many legitimate 
companies also spam.

Are the GE and Pizza Hut cases because of mis-reporting?  Or have these 
companies spammed?

-- 
If you send email to me or to a mailing list that I use which has 4 lines
of legalistic junk at the end then you are specifically authorizing me to do
whatever I wish with the message and all other messages from your domain, by
posting the message you agree that your long legalistic sig is void.






Re: Spamassasin over RBL, was Re: rblsmtpd -t?]

2002-05-02 Thread Glenn Hocking



I would love for it to work but I spent a couple of days tracking down why
some email (to do with payroll so was very important) was being bounced.


Turned out to be spamcop. As soon as I removed the rbl from my sendmail config
the mail started flowing again.

Problem seems to be that GE and Pizza Hut (and others) send out spam themselves
so end up on the lists.

Seems that one persons advertising email is another persons spam.

Best regards
Glenn Hocking
PublishMedia Pty Ltd

http://www.sitegeneral.com



Jason Lim wrote:

 Hi Glenn,

 Strange, as Spamcop only blocks IPs if they are actually found to be
 spamming, with an example spam included. And I think spamcop removes older
 entries every 24 hours or 48 hours or something like that.

 So unless someone was spamming from Pizza Hut and/or GE recently, I can't
 see how they could be added. Personally I don't like those lists that just
 block mail from IPs they don't like, even if there is no spam coming from
 them. That's why I like spamcop... only blocks when real spam comes
 through.

 Do you know if actual spam is being sent from GE and Pizzahut?

 Sincerely,
 Jason

 - Original Message -
 From: "Glenn Hocking" [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Thursday, May 02, 2002 7:58 PM
 Subject: [Fwd: Re: Spamassasin over RBL, was Re: rblsmtpd -t?]

  I've found that spamcop blocks email from both GE (General Electric) and
  Pizza Hut mail servers which clients of mine need to receive.

  I've found that no matter what RBL list I use there is always legitimate
  mail being blocked and therefore useless for me as a global email
  service provider.

  I would be very interested in any RBL lists that don't block legit
  email, but can't see how this can be done with a 100% success rate.

  Cheers
  Glenn Hocking
  Publish Media Pty Ltd
  http://www.sitegeneral.com

  SNIP

   The only RBL a business should really use is the Spamcop.net RBL, because
   it blocks only when actual spam occurs, and not just blocks "all of Asia"
   as some other RBLs do. I'm not going to get into the whole RBL comparison
   thing, but just wanted to point out the "collateral damage" point.
  


Re: Spamassasin over RBL, was Re: rblsmtpd -t?]

2002-05-02 Thread Gene Grimm

Speaking as an ISP that has to deal with spam complaints from our clients,
most people consider it spam if it was unrequested -- thus the definition of
Unsolicited Commercial Email. It's bad enough to have to deal with junk ads
through snail mail, but now we have to deal with junk ads in electronic
mail. At least with snail mail the advertiser has to foot the whole bill of
the ads so they have to budget their advertising. What irritates me is when
the spammers try to claim that they are sending out their junkmail in
accordance to federal legislation and refer to some House or Senate bill.
To the best of my knowledge, there still isn't any actual statute that has
been signed into law regarding spam.

From Glenn Hocking:
 Problem seems to be that GE and Pizza Hut (and others)  send out spam
themselves so end up on the lists.
 Seems that one persons advertising email is another persons spam.







Re: Spamassasin over RBL, was Re: rblsmtpd -t?

2002-05-02 Thread cfm

On Thu, May 02, 2002 at 06:52:33PM +1000, Jason Lim wrote:
 
  procmail/spamassassin process mails yes inside the server, I just
  give you a made up example:
 
   60 Mails incoming per Minute,
 
   5 seconds average Spamassassin processing time per Mail
 
   = 60-12 = 48 Mails per Minute  piling up on your incoming mail
   queue = 48 new Spamassassin  processes per Minute consuming your
   resources.
 
  While RBL throttles Mail Flow (and spares Disk space) thus protecting
  you in advance, Spamassassin puts the load on your side.
 
 Well, they are not exactly comparable, as the rule-based Spamassassin does
 things based on keywords and keyphrases and that kind of thing, while
 RBLs do things based on actual spam activity. In my view, the collateral
 damage of using Spamassassin's rule based blocks is too great.
 
 The only RBL a business should really use is the Spamcop.net RBL, because
 it blocks only when actual spam occurs, and not just blocks all of Asia
 as some other RBLs do. I'm not going to get into the whole RBL comparison
 thing, but just wanted to point out the collateral damage point.

Collateral damage is, however, the only leverage one has to get some
of these spam friendly ISPs and lazy admins to enforce reasonable use.

We just got a dictionary (?) attack from sympatico.ca using forged reply
addresses covering all printable characters in this range:
[\001-\255][\001-\255][\001-\255]@maine.com, our domain, sent all over.
Response from sympatico.ca security/abuse: Not their
responsibility.

So a fast rblsmtpd, presumably with local rbl database, set to defer
not accept on overload would be preferable.

Collateral damage happens if you **accept** that email too and try
to filter afterwards.  That amounts to DOS.  Legitimate email is delayed
and bounces.  We don't run with a week in the queue, but only hours
now - that too because of the spam that won't bounce back.  We shut
down our off-site MX because spam would come in through that.  Yes
our reliability has been heavily compromised; more collateral damage.

That aaa attack generated triple bounces so it would have been 
approx 200*200*200*3 messages if it went to completion?  We're
seeing spammers running linux boxes on roadrunner cable connections;
I don't want to buy the horsepower and sink the time into handling
that without damage.  Seems to me it will always take an order
of magnitude more power to filter accepted garbage than it will to
generate that garbage.  No way to win that.

Anyway, the approach we are taking now is the strictest possible
RBL plus an accept list and no spamfilters, precisely because it 
seems the lightest on resources and the most effective long term.

Clients here can opt out of that (getting all email), go with our
default, or pay extra for filtering after receipt.

cfm

-- 

Christopher F. Miller, Publisher   [EMAIL PROTECTED]
MaineStreet Communications, Inc   208 Portland Road, Gray, ME  04039
1.207.657.5078 http://www.maine.com/
Content/site management, online commerce, internet integration, Debian linux






Re: Spamassasin over RBL, was Re: rblsmtpd -t?]

2002-05-02 Thread cfm

On Thu, May 02, 2002 at 09:24:57AM -0400, Gene Grimm wrote:
 Speaking as an ISP that has to deal with spam complaints from our clients,
 most people consider it spam if it was unrequested -- thus the definition of
 Unsolicited Commercial Email. It's bad enough to have to deal with junk ads
 through snail mail, but now we have to deal with junk ads in electronic
 mail. At least with snail mail the advertiser has to foot the whole bill of
 the ads so they have to budget their advertising. What irritates me is when
 the spammers try to claim that they are sending out their junkmail in
 accordance to federal legislation and refer to some House or Senate bill.
 To the best of my knowledge, there still isn't any actual statute that has
 been signed into law regarding spam.

There is a big difference between spam with a legitimate reply to
and valid bounce address, that will in fact bounce back.
spam with a forged reply to and where bounces bounce is a whole
different issue.  YMMV

 From Glenn Hocking:
  Problem seems to be that GE and Pizza Hut (and others)  send out spam
 themselves so end up on the lists.
  Seems that one persons advertising email is another persons spam.

rblsmtpd -a accept list

Of course when most of sprint is in the spamblock that doesn't work.

 
 
 

-- 

Christopher F. Miller, Publisher   [EMAIL PROTECTED]
MaineStreet Communications, Inc   208 Portland Road, Gray, ME  04039
1.207.657.5078 http://www.maine.com/
Content/site management, online commerce, internet integration, Debian linux
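
The setup cfm describes in his two messages above (the strictest RBL plus an accept list, deferring rather than accepting when the lookup cannot be done) can be modelled offline. This is an added example, not rblsmtpd's code or anyone's configuration from the thread; the zone names, addresses, the `decide` function with its `permanent` and `defer_on_failure` parameters, and the rule that the first list holding an entry decides are assumptions made for the illustration.

```python
"""Model of an rblsmtpd-style admission decision (added example, runs offline)."""
from collections import namedtuple

Decision = namedtuple("Decision", "action smtp_code reason")


class LookupFailed(Exception):
    """The list could not be queried (timeout, overloaded resolver)."""


def dnsbl_name(ip, base):
    """Build the query name for an IPv4 address: a.b.c.d -> d.c.b.a.<base>."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(
        o.isascii() and o.isdigit() and int(o) <= 255 for o in octets
    ):
        raise ValueError(f"not an IPv4 address: {ip!r}")
    return ".".join(reversed(octets)) + "." + base


class Zone:
    """Constructed stand-in for one DNS list, keyed by reversed-octet names."""

    def __init__(self, base, listed=None, failing=False):
        self.base = base
        self.failing = failing
        # Store entries the way a DNS list publishes them: d.c.b.a.<base>
        self.records = {
            dnsbl_name(ip, base): why for ip, why in (listed or {}).items()
        }

    def lookup(self, ip):
        if self.failing:
            raise LookupFailed(self.base)
        return self.records.get(dnsbl_name(ip, self.base))


def decide(ip, sources, permanent=False, defer_on_failure=True):
    """Walk (kind, zone) sources in order; the first list with an entry decides.

    kind is "accept" (accept list) or "block" (RBL).
    permanent=False answers listed senders with a 451 temporary error, so a
    wrongly listed sender retries instead of bouncing; True uses 553.
    defer_on_failure=True defers mail when a list cannot be queried instead
    of accepting it unfiltered.
    """
    for kind, zone in sources:
        try:
            hit = zone.lookup(ip)
        except LookupFailed:
            if defer_on_failure:
                return Decision("defer", 451, f"{zone.base} unavailable")
            continue  # fail open: behave as if this list had no entry
        if hit is None:
            continue
        if kind == "accept":
            return Decision("accept", None, f"accept-listed: {hit}")
        if permanent:
            return Decision("reject", 553, hit)
        return Decision("defer", 451, hit)
    return Decision("accept", None, "not listed")


# Constructed sample data (documentation address ranges, .invalid zones).
ACCEPT = Zone("accept.example.invalid", {"192.0.2.25": "customer payroll relay"})
BLOCK = Zone("block.example.invalid", {
    "192.0.2.25": "spam reported from this host",  # also relays wanted mail
    "203.0.113.9": "spam reported from this host",
})
POLICY = [("accept", ACCEPT), ("block", BLOCK)]

if __name__ == "__main__":
    for addr in ("192.0.2.25", "203.0.113.9", "198.51.100.7"):
        print(addr, decide(addr, POLICY))
```

Swapping the order of the two sources makes the block list win for 192.0.2.25, which is the payroll-mail failure described earlier in the thread.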






Re: Spamassasin over RBL, was Re: rblsmtpd -t?]

2002-05-02 Thread Russell Coker

On Thu, 2 May 2002 21:55, Glenn Hocking wrote:
 I would love for it to work but I spent a couple of days tracking down
 why some email (to do with payroll so was very important) was being
 bounced.

 Turned out to be spamcop. As soon as I removed the rbl from my sendmail
 config the mail started flowing again.

 Problem seems to be that GE and Pizza Hut (and others)  send out spam
 themselves so end up on the lists.

 Seems that one persons advertising email is another persons spam.

Sometimes people forget that they signed up for a mailing list and when some 
content arrives they treat it as spam.  But also some big companies just 
genuinely think that an advert for their products is desired by millions of 
people and that they should send it out indiscriminately.

If you're in contact with any senior people at these companies suggest to 
them that they use different mail servers (with different IP addresses for 
outgoing traffic) for different purposes.  Then when their advertising server 
is listed as a spam source their corporate server will still be usable.  This 
is a simple change but can save huge amounts of pain for everyone concerned.

-- 
If you send email to me or to a mailing list that I use which has 4 lines
of legalistic junk at the end then you are specifically authorizing me to do
whatever I wish with the message and all other messages from your domain, by
posting the message you agree that your long legalistic sig is void.






Re: Spamassasin over RBL, was Re: rblsmtpd -t?]

2002-05-02 Thread Gene Grimm


- Original Message -
From: [EMAIL PROTECTED]
To: Gene Grimm [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Thursday, May 02, 2002 9:51 AM
Subject: Re: Spamassasin over RBL, was Re: rblsmtpd -t?]


 On Thu, May 02, 2002 at 09:24:57AM -0400, Gene Grimm wrote:
  Speaking as an ISP that has to deal with spam complaints from our clients,
  most people consider it spam if it was unrequested -- thus the definition of
  Unsolicited Commercial Email. It's bad enough to have to deal with junk ads
  through snail mail, but now we have to deal with junk ads in electronic
  mail. At least with snail mail the advertiser has to foot the whole bill of
  the ads so they have to budget their advertising. What irritates me is when
  the spammers try to claim that they are sending out their junkmail in
  accordance to federal legislation and refer to some House or Senate bill.
  To the best of my knowledge, there still isn't any actual statute that has
  been signed into law regarding spam.

 There is a big difference between spam with a legitimate reply to
 and valid bounce address, that will in fact bounce back.
 spam with a forged reply to and where bounces bounce is a whole
 different issue.  YMMV


To the end user, even advertisements with valid bounce and reply to
addresses are spam if they didn't request it. Granted, some people forget or
may not realize they signed up for this or that mailing list when they
signed up at this web site or that one. But if the advertiser is
trawling for, or trading email addresses the end user most likely didn't
opt into that spam list. Our current definition of legitimate commercial
email requires clear identification of the sending organization, valid
originating and return addresses belonging to the sender, and clearly
defined and functional procedures for removal from future mailings. It also
requires that any mailing lists be of the opt-in not opt-out variety. The
customer has to ask to be added to the list in the first place, not be
automatically added and made to request to be removed.






Re: Spamassasin over RBL, was Re: rblsmtpd -t?

2002-05-02 Thread Craig Sanders

On Thu, May 02, 2002 at 06:52:33PM +1000, Jason Lim wrote:
 Well, they are not exactly comparable, as the rule-based Spamassassin
 does things based on keywords and keyphrases and that kind of
 thing, while RBLs do things based on actual spam activity. In my view,
 the collateral damage of using Spamassassin's rule based blocks is too
 great.

your view isn't based on much experience, then.

i've been using and developing anti-spam systems for years.  in my view,
spamassassin is probably the best thing since sliced bread - it does an
EXCELLENT job of identifying spam using a scoring system based on
detecting patterns seen in many spams over the years.  if the score gets
too high (user configurable) then it is flagged as spam.  what happens
to it then is up to the user's delivery filter (or up to the system if
there's a system-wide filter).

this causes far less collateral damage than even decently run RBLs like
osirusoft and ordb.

 The only RBL a business should really use is the Spamcop.net RBL,
 because it blocks only when actual spam occurs, and not just blocks
 all of Asia as some other RBLs do. I'm not going to get into the
 whole RBL comparison thing, but just wanted to point out the
 collateral damage point.

actually, spamcop is about the worst RBL anyone could use if they wanted
to avoid collateral damage.

spamcop's automation sucks.  all it takes for a postmaster to get
mailbombed by spamcop is for some cretin to send in a spam complaint
because they're too stupid to figure out how to unsubscribe from a
mailing list they voluntarily subscribed to.  btw, that would be
confirmed opt-in subscription because ALL of the lists i run for
customers require subscription confirmation...the list software has been
hacked so that it isn't an option, it's mandatory.

or because they're too stupid to realise that a certain mail server is
forwarding spam to them BECAUSE they used to have an account on the
system and the alias or .forward file that they asked for is still
working as requested. yes, this DOES happen - the last one of these i
got was today (and that wasn't even about a mail server i have any
control over...not that there was a problem with it, it was a
well-maintained postfix server which certainly was NOT an open relay).  

these aren't even the stupidest examples of spamcop's lameness.

that's all it takes to get listed in their RBL too.

i've seen these and many other stupid complaints from spamcop over the
years.  i am so sick of getting bullshit reports from spamcop that i've
been on the verge of adding spamcop's domains & servers to my own block
lists on dozens of occasions over the years...the only thing that
stopped me is the fact that their intentions are basically good even if
their method is idiotic.

i wouldn't use their RBL even for testing purposes, let alone on a live
server...and certainly not when collateral damage (i.e. false-positive
rejections) was unacceptable.

craig

-- 
craig sanders [EMAIL PROTECTED]

Fabricati Diem, PVNC.
 -- motto of the Ankh-Morpork City Watch






Re: Spamassasin over RBL, was Re: rblsmtpd -t?]

2002-05-02 Thread Craig Sanders

On Thu, May 02, 2002 at 09:55:12PM +1000, Glenn Hocking wrote:
 Seems that one persons advertising email is another persons spam.

no, the key difference between advertising email and spam is that spam
is unsolicited.

not all advertising email is spam, and not all spam is advertising.

if it was unsolicited, then it's spam - regardless of content.

if it was sent with permission (e.g. by direct request or by confirmed
subscription) then it's not spam - regardless of content.

craig

-- 
craig sanders [EMAIL PROTECTED]

Fabricati Diem, PVNC.
 -- motto of the Ankh-Morpork City Watch






Re: Spamassasin over RBL, was Re: rblsmtpd -t?]

2002-05-02 Thread Craig Sanders

On Thu, May 02, 2002 at 11:57:54PM +1000, Russell Coker wrote:
 If you're in contact with any senior people at these companies suggest
 to them that they use different mail servers (with different IP
 addresses for outgoing traffic) for different purposes.  Then when
 their advertising server is listed as a spam source their corporate
 server will still be usable.  

what are you doing, russell?  you're giving a free clue to mainsleaze
spammers.

bad!!!

the *only* thing that is going to stop these scum from spamming is if
they realise it will damage their ability to communicate.

 This is a simple change but can save huge amounts of pain for everyone
 concerned.

unfortunately, pain is a necessary part of the cure for this disease.


craig

-- 
craig sanders [EMAIL PROTECTED]

Fabricati Diem, PVNC.
 -- motto of the Ankh-Morpork City Watch






Re: Spamassasin over RBL, was Re: rblsmtpd -t?]

2002-05-02 Thread Jason Lim

I *REALLY* hate it when these spammers try dictionary attacks. The
postmaster accounts fill up with thousands upon thousands of emails, until
they are over quota. Then the emails double/triple bounce to the admin of
the server (us).

Sincerely,
Jason
http://www.zentek-international.com

- Original Message -
From: Gene Grimm [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, May 02, 2002 11:24 PM
Subject: Re: Spamassasin over RBL, was Re: rblsmtpd -t?]


 Speaking as an ISP that has to deal with spam complaints from our clients,
 most people consider it spam if it was unrequested -- thus the definition of
 Unsolicited Commercial Email. It's bad enough to have to deal with junk ads
 through snail mail, but now we have to deal with junk ads in electronic
 mail. At least with snail mail the advertiser has to foot the whole bill of
 the ads so they have to budget their advertising. What irritates me is when
 the spammers try to claim that they are sending out their junkmail in
 accordance to federal legislation and refer to some House or Senate bill.
 To the best of my knowledge, there still isn't any actual statute that has
 been signed into law regarding spam.

 From Glenn Hocking:
  Problem seems to be that GE and Pizza Hut (and others)  send out spam
  themselves so end up on the lists.
  Seems that one persons advertising email is another persons spam.







Re: Spamassasin over RBL, was Re: rblsmtpd -t?]

2002-05-02 Thread Jason Lim


 Sometimes people forget that they signed up for a mailing list and when some
 content arrives they treat it as spam.  But also some big companies just
 genuinely think that an advert for their products is desired by millions of
 people and that they should send it out indiscriminately.

 If you're in contact with any senior people at these companies suggest to
 them that they use different mail servers (with different IP addresses for
 outgoing traffic) for different purposes.  Then when their advertising server
 is listed as a spam source their corporate server will still be usable.  This
 is a simple change but can save huge amounts of pain for everyone concerned.

 --

Well, I can tell you that EA (Electronic Arts) uses this method. I
subscribe to their lists (for real), and the links in their emails seem to
point to www.comcom.com/somethinghere or something like that... not
www.ea.com/something.

Plus the mail is sent through, as you mentioned, a different mail server
each time.

I am not saying that EA is spamming at all, but what I am saying is that
they are playing it smart, because they know that some fools are going to
say that it is spam (even though they probably signed up for the list when
they bought a game from them, or something like that), and those ppl are
going to submit them to spamcop, and other such RBLs. Fortunately, spamcop
works on a majority must be spam... if spam is under 2%, then it is fine
rule, so in theory those few fools don't make a difference, but they are
still playing it safe, and IMHO, smart.






Re: Spamassasin over RBL, was Re: rblsmtpd -t?

2002-05-02 Thread Jason Lim


 On Thu, May 02, 2002 at 06:52:33PM +1000, Jason Lim wrote:
  Well, they are not exactly comparable, as the rule-based Spamassassin
  does things based on keywords and keyphrases and that kind of
  thing, while RBLs do things based on actual spam activity. In my view,
  the collateral damage of using Spamassassin's rule based blocks is too
  great.

 your view isn't based on much experience, then.

Okay, i think it comes down to personal preference. I saw the
Spamassassin's rule list... someone typing in the word AMAZING gets
0.125 or something points, FREE gets how many points, etc. All it takes
is for spammers to simply change their wording a bit (as they have in the
past... like A.M.A.Z.I.N.G), and it defeats Spamassassin, whereas the RBLs
are immune to such tampering.


 i've been using and developing anti-spam systems for years.  in my view,
 spamassassin is probably the best thing since sliced bread - it does an
 EXCELLENT job of identifying spam using a scoring system based on
 detecting patterns seen in many spams over the years.  if the score gets
 too high (user configurable) then it is flagged as spam.  what happens
 to it then is up to the user's delivery filter (or up to the system if
 there's a system-wide filter).



 actually, spamcop is about the worst RBL anyone could use if they wanted
 to avoid collateral damage.

 spamcop's automation sucks.  all it takes for a postmaster to get
 mailbombed by spamcop is for some cretin to send in a spam complaint
 because they're too stupid to figure out how to unsubscribe from a
 mailing list they voluntarily subscribed to.  btw, that would be
 confirmed opt-in subscription because ALL of the lists i run for
 customers require subscription confirmation...the list software has been
 hacked so that it isn't an option, it's mandatory.

Yes, but here is the thing you did not mention. Spamcop does not
automatically block an IP just because a few people complained. It takes
into consideration the ENTIRE mail volume. So, using your example, if the
mailing list sends out 50,000 emails per day, and some cretin is, as you
said, too stupid to unsubscribe and submits to spamcop, then it would be
1-2 emails out of 50,000 tagged as spam.

As far as I remember, spamcop needs to have total volume of spam exceed 2%
of the total in order to consider it spam. So unless a large number of
cretins get together to block the company, then the company that runs the
lists is fine.

 or because they're too stupid to realise that a certain mail server is
 forwarding spam to them BECAUSE they used to have an account on the
 system and the alias or .forward file that they asked for is still
 working as requested. yes, this DOES happen - the last one of these i
 got was today (and that wasn't even about a mail server i have any
 control over...not that there was a problem with it, it was a
 well-maintained postfix server which certainly was NOT an open relay).

The solution is above.

 these aren't even the stupidest examples of spamcop's lameness.

 that's all it takes to get listed in their RBL too.

I might also mention that it is not hard to get out of spamcop's lists,
even if you are listed. Unless a site continually gets spam complaints, I
think spamcop checks the RBL database every 24... or was it every week...
and removes stale/old entries. Try to get off some of the OTHER RBLs...
they make you beg and plead for your innocence, and then most times they
say screw you spammer and that's it you are left being blocked until
kingdom come.

 i've seen these and many other stupid complaints from spamcop over the
 years.  i am so sick of getting bullshit reports from spamcop that i've
 been on the verge of adding spamcop's domains & servers to my own block
 lists on dozens of occasions over the years...the only thing that
 stopped me is the fact that their intentions are basically good even if
 their method is idiotic.

Well, I should *also* mention that you can have the complaints BLOCKED at
the spamcop level. That's right... you can have all that email to you
redirected somewhere else. Spamcop uses abuse.net for their emailing, so
if you put in the correct entries in abuse.net, then you can have the mail
delivered to the relevant person. You could also choose to ignore the
complaints, if you truly don't have spamming customers, and it will go
away.

No RBL is perfect, I'm only looking for the better RBL, and after
looking around carefully, reading all the RBL's policies, and now from
experience, Spamcop.net is the better of the RBLs, IMHO. YMMV, and
certainly if enough people started rising up against Spamcop, I would
reconsider my view (and so would many sysadmins i think). But so far, I've
seen VERY few people complaining about spamcop's way of doing things
compared with other lists. So maybe the lack of complaints against Spamcop
also verifies my view that Spamcop is better?
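
The scoring model argued over in this exchange, as an added example that is not part of the original posts and is not SpamAssassin's code or rule set: each rule adds points, and a message is flagged only when the total reaches the threshold. The rule names, patterns, sample messages and every weight other than the 0.125 keyword score and the 5.0 threshold quoted in the thread are constructed for illustration.

```python
"""Additive rule scoring in the style the thread describes (added example)."""
import re
from email import message_from_string

THRESHOLD = 5.0  # score required to flag a message, as quoted in the thread

# (name, field, pattern, flags, score). Constructed rules, not SpamAssassin's;
# only the 0.125 weight for the AMAZING keyword comes from the thread.
RULES = [
    ("KW_AMAZING", "body", r"\bamazing\b", re.I, 0.125),
    ("KW_FREE", "body", r"\bfree\b", re.I, 0.5),
    ("SUBJECT_ALL_CAPS", "Subject", r"^[^a-z]*[A-Z][^a-z]*$", 0, 1.5),
    ("SUBJECT_EXCLAIM", "Subject", r"!{2,}", 0, 1.0),
    ("TO_UNDISCLOSED", "To", r"undisclosed|^\s*$", re.I, 1.5),
    ("REMOVAL_NOTICE", "body", r"to be removed from (this|our) list", re.I, 1.5),
    # Letters split by punctuation are themselves a pattern worth scoring.
    ("SPLIT_LETTERS", "body", r"\b(?:[A-Za-z][.\-_*]){4,}[A-Za-z]\b", 0, 1.0),
]
COMPILED = [(n, f, re.compile(p, fl), s) for n, f, p, fl, s in RULES]


def score(raw):
    """Return (total score, names of the rules that matched) for a raw message."""
    msg = message_from_string(raw)
    hits = []
    for name, field, pattern, points in COMPILED:
        text = msg.get_payload() if field == "body" else msg.get(field, "")
        if pattern.search(text):
            hits.append((name, points))
    return sum(p for _, p in hits), [n for n, _ in hits]


def is_spam(raw, threshold=THRESHOLD):
    """Flag the message when its total reaches the threshold."""
    return score(raw)[0] >= threshold


# Constructed sample messages.
SPAM_PLAIN = (
    "From: promo@bulk.example\n"
    "To: undisclosed-recipients:;\n"
    "Subject: AMAZING OFFER!!!\n"
    "\n"
    "This amazing product is free for a limited time.\n"
    "To be removed from this list reply with REMOVE.\n"
)
SPAM_OBFUSCATED = (
    "From: promo@bulk.example\n"
    "To: undisclosed-recipients:;\n"
    "Subject: A.M.A.Z.I.N.G OFFER!!!\n"
    "\n"
    "This A.M.A.Z.I.N.G product is F.R.E.E for a limited time.\n"
    "To be removed from this list reply with REMOVE.\n"
)
HAM = (
    "From: payroll@supplier.example\n"
    "To: accounts@client.example\n"
    "Subject: Payroll run for May\n"
    "\n"
    "The payroll file is attached. It was an amazing month,\n"
    "and lunch is free on Friday.\n"
)

if __name__ == "__main__":
    for label, raw in (("plain", SPAM_PLAIN), ("obfuscated", SPAM_OBFUSCATED), ("ham", HAM)):
        total, names = score(raw)
        print(f"{label:11} {total:6.3f} spam={is_spam(raw)} {names}")
```

The respelled message no longer trips the two keyword rules yet still crosses the threshold on the other rules, while the legitimate message that happens to contain both keywords stays far below it.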




Re: Spamassasin over RBL, was Re: rblsmtpd -t?]

2002-05-02 Thread Jason Lim



 On Thu, May 02, 2002 at 09:55:12PM +1000, Glenn Hocking wrote:
  Seems that one persons advertising email is another persons spam.

 no, the key difference between advertising email and spam is that spam
 is unsolicited.

 not all advertising email is spam, and not all spam is advertising.

 if it was unsolicited, then it's spam - regardless of content.

 if it was sent with permission (e.g. by direct request or by confirmed
 subscription) then it's not spam - regardless of content.

I think the point is that some people do not remember or realize they
joined up for something. For example (I mentioned this in another email
sent to the list), I bought an EA (electronic arts) game, and when I
signed up for their auto-update feature, i read that my email address
would be used to keep me informed of new updates and new games of the same
type. I think many people wouldn't read that in the agreement... so they
incorrectly *think* that the mail they get from EA is spam.

Hence, the sentence  Seems that one persons advertising email is another
persons spam. would be true in that case... legitimate advertising
becomes spam in the perception of the ignorant user.

(I'm not saying this is true all the time... many times, it is just plain
spam, but I'm just showing the flip side of the coin).

BTW everyone, please don't take anything anyone says in this list
personally. Spam, RBLs, etc. are all very subjective and are nearly like
religion, so let's not get personal or anything. Let's just keep it to the
technical merits and facts :-)






Re: Spamassasin over RBL, was Re: rblsmtpd -t?]

2002-05-02 Thread Jason Lim



 Then I started using Exim. It doesn't send bounces to the postmaster by
 default. (I just view the queue daily and receive an eximstats -- log
 analysis report -- daily.)

 Don't configure your MTA to send copies of bounces to the postmaster.

Is that even possible with qmail? It seems to junk everything into
postmaster.

 Does anyone really have the time or desire to scan through all that
mail?


Haha... no sane person, at least ;-)






Re: Spamassasin over RBL, was Re: rblsmtpd -t?

2002-05-02 Thread Craig Sanders

On Fri, May 03, 2002 at 03:11:39AM +1000, Jason Lim wrote:
 Okay, i think it comes down to personal preference. I saw the
 Spamassassin's rule list... someone typing in the word AMAZING
 gets 0.125 or something points, FREE gets how many points, etc. All
 it takes is for spammers to simply change their wording a bit (as they
 have in the past... like A.M.A.Z.I.N.G), and it defeats Spamassassin,
 whereas the RBLs are immune to such tampering.

you'd be surprised.  spammers are stupid.  and predictable. patterns i
came up with over 5 years ago STILL work to block a lot of spam.  e.g.
they still use To: [EMAIL PROTECTED] even though anti-spammers have
been laughing at them (and blocking them) over that for years.

in any case, it doesn't *defeat* spamassassin, it just bypasses that
particular rule.  in all likelihood, any given spam will match several
rules...a trivial rule like AMAZING isn't even worth much - 0.125 out
of the default 5.0 required to flag as spam.


  spamcop's automation sucks.  all it takes for a postmaster to get
 
 Yes, but here is the thing you did not mention. Spamcop does not
 automatically block an IP just because a few people complained. It
 takes into consideration the ENTIRE mail volume. So, using your
 example, if the mailing list sends out 50,000 emails per day, and some
 cretin is, as you said, too stupid to unsubscribe and submits to
 spamcop, then it would be 1-2 emails out of 50,000 tagged as spam.

don't believe everything you read on a company's web site.

how is spamcop going to know the volume when they don't have access to
the logs?  all they see are the complaints.


  these aren't even the stupidest examples of spamcop's lameness.
 
  that's all it takes to get listed in their RBL too.
 
 I might also mention that it is not hard to get out of spamcop's
 lists, even if you are listed. Unless a site continually gets spam
 complaints, I think spamcop checks the RBL database every 24... or was
 it every week...  and removes stale/old entries. Try to get off some
 of the OTHER RBLs...  they make you beg and plead for your innocence,
 and then most times they say screw you spammer and that's it you
 are left being blocked until kingdom come.

all of the RBLs i use have very simple methods for getting off.  close
the open relay and submit your server for retesting.  done.  no problem.
if it's no longer an open relay then it will be de-listed.


  i've seen these and many other stupid complaints from spamcop over
  the years.  i am so sick of getting bullshit reports from spamcop
 
 Well, I should *also* mention that you can have the complaints BLOCKED
 at the spamcop level. That's right... you can have all that email to
 you redirected somewhere else. Spamcop uses abuse.net for their
 emailing, so if you put in the correct entries in abuse.net, then you
 can have the mail delivered to the relevant person. 

in most cases, i *am* the correct contact person for the domains/servers
concerned.  i am postmaster/abuse/hostmaster/root/etc @ those domains.
if there are any legitimate abuse complaints then they should come to
me.

that's not the problem.

the problem is that spamcop will forward you complaints from
users based on nothing more than obviously forged Received or
From/To/Reply-To/Message-ID/etc lines mentioning your IP addresses or
domains - or your downstream customer's IP addresses or domains.

spamcop will forward you crap that has no discernible relevance to you
because their script saw something that it interpreted as referring to
your IP addresses or domains.  parsing received headers, for example, is
notoriously difficult because there is no standard for them and often
pointless because they're forged, but spamcop does it... the trouble is
that they do it badly.  spamassassin does a pretty good job of
recognising forged Received lines...so why can't spamcop?

like i said, their automation sucks...and since their entire service is
based around their automation, they suck.



 You could also choose to ignore the complaints, 

that's basically what i do.  it's not something i'd recommend as policy,
though... it smells far too much like if you don't like spam then just
hit delete and ignore it.

 if you truly don't have spamming customers, and it will go away.

i don't have spamming customers.  i have had, over the years, a handful
of customers who cluelessly did stupid things like running open relays
or open proxy servers.  they were made to fix them.  as far as i know,
i've *never* had a deliberate spammer as a customer...if i ever do then
they won't be a customer for long.

it doesn't go away.  i still get a handful of spamcop complaints every
month, all of them for things like users being too stupid to unsub from
a list they voluntarily subscribed to.


 No RBL is perfect, I'm only looking for the better RBL, and after
 looking around carefully, reading all the RBL's policies, and now from

if you want to find better RBL services then the only way to do it is 
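
The point made in the message above about forged Received lines, as an added example that is not part of the original post or of any tool it mentions: only the headers stamped by your own servers can be trusted, so the reader should walk down from the top and stop at the first header someone else wrote. Host names, addresses and the sample message are constructed, and the header layout assumed is the common `from ... ([ip]) by host` form.

```python
import email
import re

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample: only the top two Received lines were written by our own
# servers; the third was supplied by the sender and names an unrelated host.
SAMPLE = (
    "Received: from mx.example.net (mx.example.net [10.0.0.5])\n"
    "\tby store.example.net with ESMTP id A1; Thu, 2 May 2002 10:00:02 +0000\n"
    "Received: from mail.victim.example (unknown [203.0.113.9])\n"
    "\tby mx.example.net with SMTP id B2; Thu, 2 May 2002 10:00:01 +0000\n"
    "Received: from mail.victim.example (mail.victim.example [198.51.100.7])\n"
    "\tby relay.victim.example with ESMTP id C3; Thu, 2 May 2002 09:59:00 +0000\n"
    "From: someone@victim.example\n"
    "Subject: constructed test message\n"
    "\n"
    "body\n"
)


def received_lines(raw):
    """Unfolded Received headers, newest (topmost) first."""
    msg = email.message_from_string(raw)
    return [" ".join(v.split()) for v in msg.get_all("Received", [])]


def naive_ips(raw):
    """What a careless parser does: collect every bracketed IP it sees."""
    return [ip for line in received_lines(raw) for ip in IP_RE.findall(line)]


def handoff_ip(raw, our_hosts, our_ips):
    """IP that connected to our border MX, using only headers we wrote.

    Walk down from the top while each header was stamped "by" one of our
    hosts; return the first peer address that is not ours. Stop at the first
    header written by anyone else: everything from there down is unverifiable.
    """
    for line in received_lines(raw):
        from_part, _, rest = line.partition(" by ")
        by_host = rest.split()[0].lower() if rest.split() else ""
        if by_host not in our_hosts:
            return None
        peers = IP_RE.findall(from_part)
        if peers and peers[-1] not in our_ips:
            return peers[-1]
    return None


if __name__ == "__main__":
    ours = {"mx.example.net", "store.example.net"}
    print("naive:  ", naive_ips(SAMPLE))
    print("handoff:", handoff_ip(SAMPLE, ours, {"10.0.0.5"}))
```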

Re: Spamassasin over RBL, was Re: rblsmtpd -t?]

2002-05-02 Thread Jeremy C. Reed

On Fri, 3 May 2002, Jason Lim wrote:

  Don't configure your MTA to send copies of bounces to the postmaster.
 
 Is that even possible with qmail? It seems to junk everything into
 postmaster.

Maybe the bounces were double-bounces. Anyways, look at the qmail-control
and qmail-send man pages. And look at the doublebounceto control.

I forgot to mention that for the past couple years, I block these
dictionary attack problems at RCPT TO time so I don't have to deal with
any bounces. (With Exim 3.x, use the receiver_verify main configuration
option.)

  Jeremy C. Reed
echo 'G014AE824B0-07CC?/JJFFFI?D64CBD=3C427=;6HI2J' |
tr /-_ :\ Sc-y./ | sed swxw`uname`w






Re: Spamassasin over RBL, was Re: rblsmtpd -t?

2002-05-02 Thread Karl E. Jorgensen

On Fri, May 03, 2002 at 03:11:39AM +1000, Jason Lim wrote:
 
 
 Okay, i think it comes down to personal preference. I saw the
 Spamassassin's rule list... someone typing in the word AMAZING gets
 0.125 or something points, FREE gets how many points, etc. All it takes
 is for spammers to simply change their wording a bit (as they have in the
 past... like A.M.A.Z.I.N.G), and it defeats Spamassassin, whereas the RBLs
 are immune to such tampering.

Unfortunately, spamassassin marked this post as spam:

SPAM:  Start SpamAssassin results --
  SPAM: This mail is probably spam.  The original message has been altered
  SPAM: so you can recognise or block similar unwanted mail in future.
  SPAM: See http://spamassassin.org/tag/ for more details.
  SPAM: 
  SPAM: Content analysis details:   (5.8 hits, 5 required)
  SPAM: Hit! (0.0 points)  Subject: ends in a question mark
  SPAM: Hit! (0.7 points)  BODY: Contains 'G.a.p.p.y-T.e.x.t'
  SPAM: Hit! (3.1 points)  BODY: Contains word 'AMAZING'
  SPAM: Hit! (2.0 points)  BODY: Talks about opting in
  SPAM: 
  SPAM:  End of SpamAssassin results -
X-Spam-Status: Yes, hits=5.8 required=5.0 
tests=SUBJ_ENDS_IN_Q_MARK,GAPPY_TEXT,AMAZING,OPT_IN
version=2.11

It's the first (somewhat) false positive I've had for months.

*$* Typical!


-- 
Karl E. Jørgensen
[EMAIL PROTECTED]
www.karl.jorgensen.com
 Today's fortune:
I only know what I read in the papers.
-- Will Rogers
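
The report in the message above shows additive scoring at work: each matching rule adds its points and the message is flagged once the total reaches the threshold. The sketch below is an added example, not SpamAssassin's code and not part of the original posts; the rule names, scores, threshold and X-Spam-Status value are the ones quoted in the report, while the regular expressions and the two sample messages are simplified constructions.

```python
import re

# Rule names and scores are the ones in the report quoted above; the patterns
# are simplified stand-ins written for this example, not SpamAssassin's own.
RULES = [
    ("SUBJ_ENDS_IN_Q_MARK", 0.0, "subject", re.compile(r"\?\s*$")),
    ("GAPPY_TEXT", 0.7, "body", re.compile(r"\b(?:[A-Za-z][.\-_*]){4,}[A-Za-z]\b")),
    ("AMAZING", 3.1, "body", re.compile(r"\bAMAZING\b")),
    ("OPT_IN", 2.0, "body", re.compile(r"\bopt(?:ing|ed)?[\s-]?in\b", re.I)),
]

# The X-Spam-Status value from the report above, folded as it was posted.
STATUS = ("Yes, hits=5.8 required=5.0\n"
          " tests=SUBJ_ENDS_IN_Q_MARK,GAPPY_TEXT,AMAZING,OPT_IN\n"
          " version=2.11")


def parse_status(value):
    """Split an X-Spam-Status value into verdict, numbers and test names."""
    flat = " ".join(value.split())
    verdict, _, rest = flat.partition(",")
    fields = dict(item.split("=", 1) for item in rest.split())
    return {
        "spam": verdict.strip().lower() == "yes",
        "hits": float(fields["hits"]),
        "required": float(fields["required"]),
        "tests": fields["tests"].split(","),
    }


def score(subject, body, required=5.0):
    """Sum the points of every rule that matches; flag at the threshold."""
    text = {"subject": subject, "body": body}
    hits = [(name, pts) for name, pts, field, rx in RULES if rx.search(text[field])]
    total = round(sum(pts for _, pts in hits), 1)
    return {"hits": total, "tests": [n for n, _ in hits], "spam": total >= required}


# Constructed messages: a list post that discusses spam wording, and a message
# that uses only the dotted spelling.
LIST_POST = ("Re: Spamassasin over RBL, was Re: rblsmtpd -t?",
             "Typing the word AMAZING scores points, so spammers switch to "
             "A.M.A.Z.I.N.G instead. Nobody here is opting in to that.")
DOTTED = ("Special offer", "An A.M.A.Z.I.N.G deal because you opted in")

if __name__ == "__main__":
    print(parse_status(STATUS))
    print(score(*LIST_POST))   # same tests and total as the quoted report
    print(score(*DOTTED))      # AMAZING is skipped, GAPPY_TEXT fires instead
```

The dotted spelling avoids the AMAZING rule but trips GAPPY_TEXT, and a legitimate post that merely discusses the wording collects enough points to be flagged, which is the false positive reported above.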





RBLs for ISPs, was Re: Spamassasin over RBL, was Re: rblsmtpd -t?

2002-05-02 Thread Jason Lim


  I might also mention that it is not hard to get out of spamcop's
  lists, even if you are listed. Unless a site continually gets spam
  complaints, I think spamcop checks the RBL database every 24hr... or was
  it every week...  and removes stale/old entries. Try to get off some
  of the OTHER RBLs...  they make you beg and plead for your innocence,
  and then most times they say screw you spammer and that's it you
  are left being blocked until kingdom come.

 all of the RBLs i use have very simple methods for getting off.  close
 the open relay and submit your server for retesting.  done.  no problem.
 if it's no longer an open relay then it will be de-listed.

Certainly not. I wish what you said were really the case.

From the BLARS RBL (http://www.blars.org/errors/block.html):
---
If you would like a site be added or removed from BlarsBL, you may hire
Blars at his normal consulting rates (currently $250/hour, 2 hour minimum,
$1000 deposit due in advance for non-established customers) to investigate
your evidence about the site. If it is found that the entry was a mistake,
no charge will be made and the entire deposit will be refunded. Send Blars
email from a non-listed account to verify current rates and arrange
payment.
---
I don't think i need to make a comment about the above, do i?

From SPEWS RBL (http://www.spews.org/faq.html):
---
Q41: How does one contact SPEWS?
A41: One does not. SPEWS does not receive email - it's just an automated
system and website, SPEWS and other blocklist issues can be discussed in
the public forums mentioned above... Note that posting messages in these
newsgroups  lists will not have any effect on SPEWS listings

Q42: My IP address/range is being listed by SPEWS but I'm not a spammer
and I just signed up for this/these address(s). What can I do to be
removed from the list?
A42: SPEWS is just an automated system, if spam or spam involvement
(hosting spammers, selling spamware) from your IP address/range ceases, it
will drop out of the list in time. If you wish, you can discuss SPEWS and
blocklist related issues in the public forums mentioned above. A SPEWS
editor or developer should see the postings and may double check the
listing if you feel it is a mistake, putting the text SPEWS: in the
subject can help. Will this get you removed from a SPEWS listing? No, not
if there are problems with your host. In fact, the first step you need to
take is to complain to your host about the listing, in almost all cases
they are the only people who can get an address/range out of the SPEWS
list. Do note that your addresses may be listed due to a larger spam
related problem with your host, in that case they will not be removed
until the problem is fixed.
---
Spews is *NOT* an automated system, as they claim. It is completely
manual, and going to the newsgroup they tell you to go to will confirm
this. Their entries also contain lots of outdated and old IP addresses.
Their database apparently was inherited from some other service before
SPEWS.org started, so they inherited lots of crap along with it.
They make it intentionally impossible to contact them so they become
completely unaccountable to anyone with no transparency in their process
whatsoever. They also list very large chunks of Asia, and have said racist
and derogatory remarks about Asian peoples (go to the newsgroup and see).

These RBLs nearly act like Nazi SS, with a lot of unwitting admins blindly
using their block lists, not knowing how these people operate (the above
should shed some light on this).

For a complete RBL list, go to:
http://www.declude.com/junkmail/support/ip4r.htm

---
SPAMCOP  bl.spamcop.net  127.0.0.2  Lists mail servers that have a very high
spam-to-legitimate-mail ratio. Seems like an excellent spam test; plans to
charge a reasonable fee soon.
---

So can we really conclude that the RBLs you mention are more transparent
in process, accountable, or ANYTHING better than Spamcop? At least Spamcop
has a reasonable and clearly defined policy, transparent process, and
works with people to solve problems. Again, going to the Spamcop newsgroup
will prove more of the above. Spamcop is not the only transparent and
accountable RBL... there are others, but Spamcop is the one that seems to
be the best of the lot, as the others only list open relays or such.


 the problem is that spamcop will forward you complaints from
 users based on nothing more than obviously forged Received or
 From/To/Reply-To/Message-ID/etc lines mentioning your IP addresses or
 domains - or your downstream customer's IP addresses or domains.

 spamcop will forward you crap that has no discernible relevance to you
 because their script saw something that it interpreted as referring to
 your IP addresses or domains.  parsing received headers, for example, is

Then it is 
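
How a mail server consults a list like the one in the listing quoted above, as an added example that is not part of the original post: the zone name and the 127.0.0.2 return value come from that listing, the resolver data is constructed so the code runs offline, and `parked.example` is a hypothetical zone used to show a misbehaving list.

```python
import ipaddress
import socket

LISTED_NET = ipaddress.IPv4Network("127.0.0.0/8")


def dnsbl_name(ip, zone):
    """Reverse the octets of an IPv4 address and append the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".")


def check_dnsbl(ip, zone, resolve=socket.gethostbyname):
    """Return (verdict, detail) where verdict is 'listed', 'clear' or 'error'.

    Only an answer inside 127.0.0.0/8 counts as a listing. Anything else (a
    wildcard record, a parked zone) is reported as 'error' so that a broken
    list cannot block mail, and lookup failures are treated as 'clear'.
    """
    name = dnsbl_name(ip, zone)
    try:
        answer = resolve(name)
    except OSError as exc:          # socket.gaierror: no such record
        return "clear", f"{name}: {exc}"
    if ipaddress.IPv4Address(answer) in LISTED_NET:
        return "listed", f"{name} -> {answer}"
    return "error", f"{name} -> {answer} is outside 127.0.0.0/8"


# Constructed resolver data. The addresses are documentation ranges.
FAKE_DNS = {
    "9.113.0.203.bl.spamcop.net": "127.0.0.2",
    "9.113.0.203.parked.example": "192.0.2.80",
}


def fake_resolve(name):
    """Offline stand-in for a DNS A-record lookup."""
    try:
        return FAKE_DNS[name]
    except KeyError:
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")


if __name__ == "__main__":
    for ip, zone in [("203.0.113.9", "bl.spamcop.net"),
                     ("198.51.100.7", "bl.spamcop.net"),
                     ("203.0.113.9", "parked.example")]:
        print(ip, zone, check_dnsbl(ip, zone, fake_resolve))
```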

Re: Spamassasin over RBL, was Re: rblsmtpd -t?]

2002-05-02 Thread Russell Coker

On Fri, 3 May 2002 00:43, Craig Sanders wrote:
 On Thu, May 02, 2002 at 11:57:54PM +1000, Russell Coker wrote:
  If you're in contact with any senior people at these companies suggest
  to them that they use different mail servers (with different IP
  addresses for outgoing traffic) for different purposes.  Then when
  their advertising server is listed as a spam source their corporate
  server will still be usable.

 what are you doing, russell?  you're giving a free clue to mainsleaze
 spammers.

 bad!!!

 the *only* thing that is going to stop these scum from spamming is if
 they realise it will damage their ability to communicate.

I agree that we have to hurt spammers to make them stop, and I also admit 
that my previous message could help some spammers.  However I believe that my 
suggestion is much more useful in helping legitimate businesses avoid getting 
mistakenly listed as spammers.  There have been quite a few times that I have 
dealt with legit companies to find that their servers were listed in spam 
lists, in several of those cases I knew that the companies had good anti-spam 
policies and that the reports were therefore mistaken.  So the fact that they 
had one server doing both regular email and the opt-in advertising mailing 
list hurt them (and me).

  This is a simple change but can save huge amounts of pain for everyone
  concerned.

 unfortunately, pain is a necessary part of the cure for this disease.

Not pain for innocent people though.

-- 
If you send email to me or to a mailing list that I use which has 4 lines
of legalistic junk at the end then you are specifically authorizing me to do
whatever I wish with the message and all other messages from your domain, by
posting the message you agree that your long legalistic sig is void.






Re: Spamassasin over RBL, was Re: rblsmtpd -t?

2002-05-02 Thread Russell Coker

On Fri, 3 May 2002 08:23, Craig Sanders wrote:
  Yes, but here is the thing you did not mention. Spamcop does not
  automatically block an IP just because a few people complained. It
  takes into consideration the ENTIRE mail volume. So, using your
  example, if the mailing list sends out 50,000 emails per day, and some
  cretin is, as you said, too stupid to unsubscribe and submits to
  spamcop, then it would be 1-2 emails out of 50,000 tagged as spam.

 don't believe everything you read on a company's web site.

On their web site it says that the size of the server is guessed by the 
spamcop administrators.  So if your servers get hit too easily and too often 
then the thing to do would be to send them a polite message informing them of 
the size of your servers, the number of messages going through, the number of 
users, and your spam policies.  Then request that they add a weighting such 
that one or two false reports won't hurt you.  I am sure that they will be 
happy to oblige.

 how is spamcop going to know the volume when they don't have access to
 the logs?  all they see are the complaints.

They know about big organizations such as hotmail.com, and they rely on 
reports from other administrators to gauge the size of other servers.

  I might also mention that it is not hard to get out of spamcop's
  lists, even if you are listed. Unless a site continually gets spam
  complaints, I think spamcop checks the RBL database every 24... or was
  it every week...  and removes stale/old entries. Try to get off some
  of the OTHER RBLs...  they make you beg and plead for your innocence,
  and then most times they say screw you spammer and that's it you
  are left being blocked until kingdom come.

 all of the RBLs i use have very simple methods for getting off.  close
 the open relay and submit your server for retesting.  done.  no problem.
 if it's no longer an open relay then it will be de-listed.

Unless it's a spam source listing...

-- 
If you send email to me or to a mailing list that I use which has 4 lines
of legalistic junk at the end then you are specifically authorizing me to do
whatever I wish with the message and all other messages from your domain, by
posting the message you agree that your long legalistic sig is void.






Re: Spamassasin over RBL, was Re: rblsmtpd -t?

2002-05-02 Thread Jason Lim


   Yes, but here is the thing you did not mention. Spamcop does not
   automatically block an IP just because a few people complained. It
   takes into consideration the ENTIRE mail volume. So, using your
   example, if the mailing list sends out 50,000 emails per day, and some
   cretin is, as you said, too stupid to unsubscribe and submits to
   spamcop, then it would be 1-2 emails out of 50,000 tagged as spam.
 
  don't believe everything you read on a company's web site.

 On their web site it says that the size of the server is guessed by the
 spamcop administrators.  So if your servers get hit too easily and too often
 then the thing to do would be to send them a polite message informing them of
 the size of your servers, the number of messages going through, the number of
 users, and your spam policies.  Then request that they add a weighting such
 that one or two false reports won't hurt you.  I am sure that they will be
 happy to oblige.

Yes, and remember that Spamcop admins and people are publicly accessible
and in no way try to hide behind a veil of secrecy like other RBL
operators (some who don't even want you to contact them at all). So at
least you have a chance at working with the Spamcop admins to get things
resolved, and from my experience they are quite willing to co-operate with
sysadmins, as long as everyone is nice and polite about everything.

  how is spamcop going to know the volume when they don't have access to
  the logs?  all they see are the complaints.

 They know about big organizations such as hotmail.com, and they rely on
 reports from other administrators to gauge the size of other servers.

The large ones are quite obvious and public (yahoo, hotmail, netscape,
etc. freemail servers), and the smaller-mid size mail servers are reported
by sysadmins, as you said.

   I might also mention that it is not hard to get out of spamcop's
   lists, even if you are listed. Unless a site continually gets spam
   complaints, I think spamcop checks the RBL database every 24... or was
   it every week...  and removes stale/old entries. Try to get off some
   of the OTHER RBLs...  they make you beg and plead for your innocence,
   and then most times they say screw you spammer and that's it you
   are left being blocked until kingdom come.
 
  all of the RBLs i use have very simple methods for getting off.  close
  the open relay and submit your server for retesting.  done.  no problem.
  if it's no longer an open relay then it will be de-listed.

 Unless it's a spam source listing...

I'm not sure, but how many ISPs still allow direct-to-MX-style mail
sending (sending direct from the dialup or cable or whatever, without
using additional mail servers)? I know quite a few Australian ISPs that
still allow it (not the big ones like Bigpond or Optusnet AFAIK), and many
HK ISPs still allow it... how about in the USA and Europe?

