Re: Backscatter.org used as RBL??

[Marc Perkel]

Matus UHLAR - fantomas wrote: On 06.08.09 15:37, Marc Perkel wrote: This might be an advanced concept for you but what I meant was - deliberately send spam. Everyone doing sender verification is someone who is trying to BLOCK spam, and therefore are the good guys. I also track SAV calls and I use it as a WHITE list. How do you differ between people doing SAV and people sending backscatter? The backscatter list mixes these so it mixes SAV with people who have poorly configured rejection system. SAV doesn't go into the DATA phase so if they do QUIT without DATA then it's SAV. And if they are doing SAV then they are one of the good guys and get, in my system, NOBL listed. NOBL means don't blacklist. The whole point of using backscatterer BL was to block bounces from machines that send much of them, e. g. are using accept-then-bounce method. (well, someone may want to block all mail from such machines) Do you say that backscatterer list contains IPs of servers that do _not_ send backscatter but are doing SAV? Do you have any proofs about that? I hope those "good" SAV users are also using some good filtering policy (reject machines w/o DNS, machines in blacklists, SPF fails) before they are doing SAV, otherwise they just DoS the victims... Actually the history of the backscatter list is that UCEprotect had them in their regular black list and do to pressure and complaints and false positives they separated them out. Their UCEProtect lists are better but still have a lot of false positives. But separating them was a move forward. What they should do is return different codes to indicate what got them on the list. SAV is not backscatter. So if it is from <> and there is DATA then it's someone who is sending bad bounce messages to faked sender addresses. But if there is nod DATA then it's SAV. These should be processed separately.