RE: OT: Why Friends Don't Let Friends use RBLs

  • From: "John Tolmachoff (Lists)" <johnlist@xxxxxxxxxxxxxxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 1 Jun 2004 23:13:26 -0700

Responding to multiple posts:

> Blacklists have always been a pain in my *ss. Seems a lot of admins I know
> used to view them as a first form of defense against spam, well at least
> used to until I knocked sense into them.

> Blacklists have been a disappointment to me.  What seems like a really
> good idea falls somewhat short in implementation.  I'd love to have a
> reliable blacklist of spammers, but far too often false positives and
> other problems have rendered them more trouble than they're worth to me.
> (so we've never used them)

> I don't use RBLs and I see very little spam that makes it to our
> domains. Using a combination of spam whacking techniques, I find no
> reason to support their dastardly deeds.

All valid points. Stand by!

> 1. They do *not* inform the person they put on the list that they are
> indeed on the list

Counter points:
A. Not always possible to find who to report to. Many domains erroneously do
not accept e-mail to abuse@ or postmaster@, which by RFC they are required
to do. Many do not accept e-mail to the domain literal (IP address
instead of domain name), to which some of the RBLs that everyone complains
about do indeed send a notice, but if the server is not configured to
receive it...
B. It is the responsibility of the entity that wants an e-mail server on the
Internet to take the needed steps to be familiar with the requirements and
ramifications of doing so. 
C. You own a vacant house. Drug dealers begin using it to spread their
venom. Are the police required to notify you before taking action to stop that
activity?

> 2. They do *not* perform due diligence before placing someone on their
> lists

Counter points:
A. True for some, not for all. This is why we research and talk about which
ones to use. In fact, on a list I am on for the anti-spam software I use,
other members have regular conversations with the keepers of some lists, and
those just happen to be the ones that we have found to be the best to use.
B. If thousands of people start reporting they are receiving spam from an
e-mail server, isn't that enough evidence? Ask AOL.

> 3. They do *not* take fiscal responsibility for the damage they
> "inadvertently" do when they DOS entire domains

Counter points:
A. "They" did no damage, as they themselves blocked no one. The ones that
"denied" access are the ones that voluntarily use the lists.
B. No one forces anyone to use the lists. Use of them is voluntary, and
almost if not all clearly state that use of the lists is "use at your own
risk!"
C. In the checkout lane of the grocery store, you see a magazine that says
woman has child with alien as the father, do you take it as truth, or do you
use your wisdom and judgment?
D. It is raining outside and your roof is leaking. You run to the hardware
store and buy a tarp to put on the roof. It works great. Hey, this is great,
it stopped the leak. 2 months later, the tarp is still there. It starts
raining and rains for three days. The leaks start again. Do you complain to
the tarp manufacturer that the tarp that has been in place on the roof to
stop leaks no longer works?

> 4. Many people find it virtually impossible to be removed from their
> lists

Counter points:
A. For some RBLs, this is absolutely true. This is why we do not use those
ones, or weight them very slightly.

> 5. They often take the position as "censor" and include in their dreaded
> databases domains that host content that they, or some disgruntled grunt,
> doesn't approve of.

Counter points:
A. For some RBLs, this is absolutely true. This is why we do not use those
ones, or weight them very slightly.
B. Some domains out and out deserve it. Do you know there is a company based
in Las Vegas that maintains a free mailing list to spread the word about Amber
Alerts? Wow, they must be good people. What you do not know is they harvest
those e-mail addresses that sign up, sell them to their other clients, which
then turn around and send out spam. Oh, BTW, this company is also a
registered ISP, so their IPs are assigned straight from IANA or whatnot,
so that no one above them can shut them down. You know what, we block every
single IP that company has period!

> 6. RBL'ing open relays is fine, but they should be responsible for
> removing an entry from their list within 1 hour that the relay is
> closed, and inform *all* harried network/mail admins of their hastiness
> and that they should remove the entry ASAP.

Counter point:
A. Some in fact do this. How? By performing automatic tests every 24 hours.
If the tests then come back clean, bingo, you are off. BTW, AOL does this
too. If you get listed, they retest every 24 hours.
B. Those RBLs that are responsible, if you notify them you are now clean,
they will indeed retest or otherwise cause your listing to be removed as soon
as is practical.
C. RBLs are checked dynamically via DNS. This means that as soon as a
listing is removed, it is gone. The very next second, if the DB is checked,
it will not be there.
D. NO ONE should be using a static RBL list that was downloaded. The whole
premise behind an RBL is dynamically checking against the DB via a DNS A
record request.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You
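
The dynamic DNS check and the per-list weighting described in the message above, sketched as an added example that is not part of the original post. The zone names, weights and threshold are hypothetical; the resolver is injectable so the sample run uses constructed zone data and needs no network.

```python
import ipaddress
import socket

# Hypothetical zones and weights, constructed for illustration only.
WEIGHTED_ZONES = {
    "trusted-rbl.example": 10,    # well-run list: full weight
    "aggressive-rbl.example": 2,  # false-positive-prone list: slight weight
}
REJECT_THRESHOLD = 10  # assumed policy value


def dnsbl_query_name(ip, zone):
    """Build the DNS name for an IPv4 RBL lookup: reversed octets + zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def system_resolver(name):
    """A-record lookup via the OS resolver; None means no record (not listed).
    Resolver errors and timeouts also return None, so the check fails open."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None


def is_listed(ip, zone, resolve=system_resolver):
    answer = resolve(dnsbl_query_name(ip, zone))
    # Listings conventionally answer inside 127.0.0.0/8. Any other address
    # (for example a wildcarded or parked zone) is not treated as a listing.
    return answer is not None and answer.startswith("127.")


def spam_score(ip, zones=WEIGHTED_ZONES, resolve=system_resolver):
    """Sum the weights of every zone that lists the connecting IP."""
    return sum(w for z, w in zones.items() if is_listed(ip, z, resolve))


def should_reject(ip, zones=WEIGHTED_ZONES, resolve=system_resolver):
    return spam_score(ip, zones, resolve) >= REJECT_THRESHOLD


if __name__ == "__main__":
    # Constructed zone data standing in for live DNS, so this runs offline.
    zone_data = {"1.2.0.192.trusted-rbl.example": "127.0.0.2"}
    print(should_reject("192.0.2.1", resolve=zone_data.get))
    del zone_data["1.2.0.192.trusted-rbl.example"]  # list operator delists
    print(should_reject("192.0.2.1", resolve=zone_data.get))  # next query
```

Because every check is a fresh query, the delisting is visible on the very next lookup; a downloaded static copy would keep blocking until it was refreshed.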



