> -----Original Message-----
 > From: Marc Perkel [mailto:[EMAIL PROTECTED] 
 > Sent: Monday, June 18, 2007 10:00 AM
 > To: Rick Cooper
 > Cc: users@spamassassin.apache.org
 > Subject: Re: My Newly Expanded DNS Blacklist - Who wants to try it?
 > 
 > 
 > 
 > Rick Cooper wrote:
 > > I don't know what his reason is but had I attempted to send mail to your
 > > server last Friday I could easily have ended up hitting one of your higher
 > > MXs. I had a problem with Verizon where I would lose my connection for
 > > seconds to a min and everything would be fine for seconds to a min or two.
 > > This went on for hours, it was like someone flicking a light switch. If exim
 > > couldn't connect to your lower mx servers during one of these episodes it
 > > would have rolled up the list as it should since Verizon has yet to inform
 > > my mail server they are having transient network problems and to consider
 > > any connection issues to be temporary and please try again.
 > >
 > > Rick
 > >
 > >   
 > 
 > Rick, it does take multiple hits to get listed and I did add code that
 > if you hit all the high ones in succession that it only counts as one.
 > However, having said that, this is experimental and there's a
 > possibility that it's just not going to work. I do believe that there's
 > information to be had by looking at hosts who hit high numbered MX
 > records when low numbered MX servers are available. I'm just trying to
 > figure out how to extract this information.
 >
 > So - I ask the question - I think we can all agree that there's
 > information to be had. How do we extract this in a useful form and avoid
 > false positives?
 > 

I am probably over sensitive to blacklists of this nature because of past
problems. I had an issue where someone could not deliver a reply to a
customer once and when I investigated I found the (actually two) server was
on a blacklist I had never heard of. I let our ISP know that apparently
their entire address space was on the list and the owner (someone I have
known since the early eighties) investigated and found the entire att
address space (their carrier) was on this blacklist and att knew all about
it. Apparently this person wanted them to pay him $50,000 to be removed in
less than one year. Granted few people probably use the list but it still
worries me when someone uses a list maintained by "a guy" and even more so
if it's fully automated.

Personally, relatively few mails on our servers make it to the RBL portion (I
also use exim) and get dumped for other reasons, right now the biggest is
probably non FQDN (or bracketed dotted quad) helo. I would say number two is
attempting to send mail heloing as part of our domain space when the host is
not part of our network, and three is attempting to send mail to our
addresses from a host not allowed to send mail from our addresses. I also
seem to see a lot of localhost/localhost.localdomain and 127.0.0.1. I would
like to see a lot more hardfail SPF hits and less SPF none.

I still believe there are too many people who (subconsciously or otherwise)
get a thrill out of "fighting spam" and the world would be much better off
to move to taking responsibility for the mails they send. DKIM is about the
closest thing to what I would like. You can have all the anti-spam laws in
the world but proving responsibility is always the biggest problem. I would
like to see a lightweight service similar to DNS used to validate emails,
quick and simple. It could be distributed like DNS and do you approve this
mail, yes or no, like sender verification only without the smtp overhead.
Last one that touches it is responsible, through the chain. The current,
base, smtp spec simply wasn't developed in a time where anyone considered
today's environment.

There has to be a better way than trying to catch spam as that does nothing
toward trying to stop it.

Rick
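
The HELO checks listed in the reply above (non-FQDN or non-bracketed HELO, HELO claiming the local domain from a foreign host, loopback names), as an added Python example that is not part of the original message and not Rick's exim configuration. The domain, network range and function names are assumptions made for illustration.

```python
import ipaddress
import re

# Assumed local settings, constructed for this example.
OUR_DOMAIN = "example.com"
OUR_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]

LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")
LOOPBACK_NAMES = {"localhost", "localhost.localdomain",
                  "127.0.0.1", "[127.0.0.1]"}


def is_address_literal(helo):
    """True for a bracketed dotted quad such as [192.0.2.10]."""
    if not (helo.startswith("[") and helo.endswith("]")):
        return False
    try:
        ipaddress.IPv4Address(helo[1:-1])
        return True
    except ValueError:
        return False


def is_fqdn(helo):
    """At least two valid labels and a non-numeric top-level label."""
    labels = helo.split(".")
    if len(labels) < 2 or not all(LABEL.match(l) for l in labels):
        return False
    return not labels[-1].isdigit()


def check_helo(helo, client_ip):
    """Return a rejection reason, or None if the HELO passes these checks."""
    name = helo.strip().lower().rstrip(".")
    ip = ipaddress.ip_address(client_ip)
    local = any(ip in net for net in OUR_NETWORKS)
    # Loopback names are only plausible from a loopback connection.
    if name in LOOPBACK_NAMES and not ip.is_loopback:
        return "loopback HELO from remote host"
    # An unbracketed dotted quad fails both tests and is rejected here.
    if not (is_fqdn(name) or is_address_literal(name)):
        return "HELO is neither FQDN nor bracketed dotted quad"
    # Our own names may only be used by hosts inside our network.
    if (name == OUR_DOMAIN or name.endswith("." + OUR_DOMAIN)) and not local:
        return "HELO claims our domain from outside our network"
    return None
```
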

