I loved RBLs. While I was using them, 98% of our spam just shut off. The problem was that even the majors like Earthlink were being blocked, so we had to turn them off. Basically the approach of getting individual users to pressure their ISPs to "get with it" never worked.

In our business, a 2 person shop which includes my wife's business, we get over 10,000 pieces of spam every 15 days. This is an overwhelming problem for us. The only practical solution is to change our email addresses every year or so and hope for the best.

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Wednesday, June 02, 2004 7:52 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: OT: Why Friends Don't Let Friends use RBLs

http://www.ISAserver.org

Hear, hear, John!

I also find *some* blacklists to be very useful and I agree that there are some that are little more than small boys still crying "I have the power!!!!".

I also find reverse-lookups to be even more useful. If a mail source can't / won't maintain a valid Internet presence, I probably don't need their mail. This behavior is typified by the "mobile" spammers that change ISPs every week / month as they're discovered. It's also true of the "hey, look; I gots me a domain!" folks that believe that just because they can spend $15/yr on a domain name that they should be able to send mail from their house as well.

Granted, there's a hole in the education process here, but that's the purview of the domain registrars and ISPs. If they're willing to take your money to "support" your domain, they should at least point you toward the "rules of the road" and allow you to define your rev-lookups. If your ISP can't / won't help you in this, then maybe it's time to seek out another provider (I know; not everyone has that choice).

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://www.microsoft.com/isaserver
http://isaserver.org/Jim_Harrison
http://isatools.org
Read the help, books and articles!

----- Original Message -----
From: "John Tolmachoff (Lists)" <johnlist@xxxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, June 01, 2004 23:13
Subject: [isalist] RE: OT: Why Friends Don't Let Friends use RBLs

Responding to multiple posts:

> Blacklists have always been a pain in my *ss. Seems a lot of admins I know
> used to view them as a first form of defense against spam, well at least
> used to until I knocked sense into them.

> Blacklists have been a disappointment to me. What seems like a really
> good idea falls somewhat short in implementation. I'd love to have a
> reliable blacklist of spammers, but far too often false positives and
> other problems have rendered them more trouble than they're worth to me.
> (so we've never used them)

> I don't use RBLs and I see very little spam that makes it to our
> domains. Using a combination of spam whacking techniques, I find no
> reason to support their dastardly deeds.

All valid points. Stand by!

> 1. They do *not* inform the person they put on the list that they are
> indeed on the list

Counter points:

A. Not always possible to find who to report to. Many domains erroneously do not accept e-mail to abuse@ or postmaster@, which by RFC they are required to do. Many do not accept e-mail to the domain literal (IP address instead of domain name), to which some of the RBLs that everyone complains about do indeed send a notice out, but if the server is not configured to receive it...

B. It is the responsibility of the entity that wants an e-mail server on the Internet to take the needed steps to be familiar with the requirements and ramifications of doing so.

C. You own a vacant house. Drug dealers begin using it to spread their venom. Are the police required to notify you before taking action to stop that activity?

> 2. They do *not* perform due diligence before placing someone on their
> lists

Counter points:

A. True for some, not for all. This is why we research and talk about which ones to use. In fact, on a list I am on for the anti-spam software I use, other members have regular conversations with the keepers of some lists, and those just happen to be the ones that we have found to be the best to use.

B. If thousands of people start reporting they are receiving spam from an e-mail server, isn't that enough evidence? Ask AOL.

> 3. They do *not* take fiscal responsibility for the damage they
> "inadvertently" do when they DOS entire domains

Counter points:

A. "They" did no damage, as they themselves blocked no one. The ones that "denied" access are the ones that voluntarily use the lists.

B. No one forces anyone to use the lists. Use of them is voluntary, and almost all, if not all, clearly state that use of the lists is "use at your own risk!"

C. In the checkout lane of the grocery store, you see a magazine that says a woman has a child with an alien as the father. Do you take it as truth, or do you use your wisdom and judgment?

D. It is raining outside and your roof is leaking. You run to the hardware store and buy a tarp to put on the roof. It works great. Hey, this is great, it stopped the leak. 2 months later, the tarp is still there. It starts raining and rains for three days. The leaks start again. Do you complain to the tarp manufacturer that the tarp that has been in place on the roof to stop leaks no longer works?

> 4. Many people find it virtually impossible to be removed from their
> lists

Counter points:

A. For some RBLs, this is absolutely true. This is why we do not use those ones, or weight them very slightly.

> 5. They often take the position as "censor" and include in their dreaded
> databases domains that host content that they, or some disgruntled grunt,
> doesn't approve of.

Counter points:

A. For some RBLs, this is absolutely true. This is why we do not use those ones, or weight them very slightly.

B. Some domains out and out deserve it. Do you know there is a company based in Las Vegas that maintains a free mailing list to spread the word about Amber Alerts? Wow, they must be good people. What you do not know is they harvest those e-mail addresses that sign up and sell them to their other clients, which then turn around and send out spam. Oh, BTW, this company is also a registered ISP, so their IPs are assigned straight from IANA or what not, so that no one above them can shut them down. You know what, we block every single IP that company has, period!

> 6. RBL'ing open relays is fine, but they should be responsible for
> removing an entry from their list within 1 hour that the relay is
> closed, and inform *all* harried network/mail admins of their hastiness
> and that they should remove the entry ASAP.

Counter points:

A. Some in fact do this. How? By performing automatic tests every 24 hours. If the tests then come back clean, bingo, you are off. BTW, AOL does this too. If you get listed, they retest every 24 hours.

B. Those RBLs that are responsible, if you notify them you are now clean, will indeed retest or otherwise cause your listing to be removed as soon as is practical.

C. RBLs are checked dynamically via DNS. This means that as soon as a listing is removed, it is gone. The very next second, if the DB is checked, it will not be there.

D. NO ONE should be using a static RBL list that was downloaded. The whole premise behind an RBL is dynamically checking against the DB via a DNS A record request.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You
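
Added example, not part of the original thread or any poster's code: the dynamic DNS A-record check and per-list weighting that John's reply describes, written in Python. The zone names, weights, threshold and the sample DNS answers are constructed for illustration; the resolver is injectable so the sample runs offline.

```python
import ipaddress
import socket

# Hypothetical zones and weights; substitute the lists you have vetted.
WEIGHTED_ZONES = {
    "trusted-bl.example": 10,    # well-run list: one hit reaches the threshold
    "aggressive-bl.example": 3,  # prone to false positives: weighted lightly
    "opinion-bl.example": 2,
}
REJECT_THRESHOLD = 10
LISTED_NET = ipaddress.IPv4Network("127.0.0.0/8")

def dnsbl_query_name(ip, zone):
    """192.0.2.1 becomes 1.2.0.192.<zone>: octets reversed, zone appended."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    """Live A-record lookup, so a delisting takes effect on the next query."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None  # NXDOMAIN or lookup failure: not listed (fails open)

def is_listed(ip, zone, resolve=system_resolver):
    answer = resolve(dnsbl_query_name(ip, zone))
    if answer is None:
        return False
    # Listings are answered from 127.0.0.0/8. Any other address (a parked or
    # wildcarded zone, a captive resolver) is not treated as a listing.
    return ipaddress.IPv4Address(answer) in LISTED_NET

def score(ip, zones=WEIGHTED_ZONES, resolve=system_resolver):
    hits = {z: w for z, w in zones.items() if is_listed(ip, z, resolve)}
    return sum(hits.values()), hits

def verdict(ip, zones=WEIGHTED_ZONES, resolve=system_resolver):
    total, _ = score(ip, zones, resolve)
    return "reject" if total >= REJECT_THRESHOLD else "accept"

# Constructed DNS answers standing in for live zones (offline sample data).
FAKE_DNS = {
    "10.2.0.192.aggressive-bl.example": "127.0.0.2",
    "20.2.0.192.trusted-bl.example": "127.0.0.2",
    "30.2.0.192.aggressive-bl.example": "127.0.0.2",
    "30.2.0.192.opinion-bl.example": "203.0.113.7",  # wildcarded zone, ignored
}
```

With the constructed data, `verdict("192.0.2.10", resolve=FAKE_DNS.get)` returns "accept" because a single lightly weighted hit stays under the threshold, while 192.0.2.20 is rejected on the trusted list alone.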