Paul Graham Describes Dangers of Spam Blacklists
CRoby writes "Paul Graham posted an essay describing the danger and corruption of the main spammer blacklists today. It discusses MAPS and the SBL, the blacklist created to try to alleviate the abuses of MAPS, and suggests (maybe) another blacklist's creation."
Definitely a bad idea... (Score:3, Informative)
A few comments (Score:5, Informative)
I assume that what Paul Graham is complaining about must be SpamAssassin, or some other content filter, applying a score to articles containing URLs, which when looked up in DNS resolve to listed IP addresses. This is much less acceptable, since the sender has no way to know that their e-mail may have been classified as spam.
The details of the listing can be found at http://www.spamhaus.org/sbl/sbl.lasso?query=SBL27945 [spamhaus.org].
This is a /32 - i.e. a single IP address. I don't know why Paul Graham's web site (which has that IP address) has been associated with textileshop.com, which has a completely different IP address.
The other Yahoo listing on the SBL is also a /32.
I also note in another of Paul Graham's articles http://paulgraham.com/sblbad.html [paulgraham.com] he claims
As any fule kno, the most notorious spam blacklist is SPEWS.
Paul is just pissed because... (Score:4, Informative)
...his website is hosted on the same IP address as a spammer (textileshop.com) was on yesterday, and because of that he's seeing some of his mail blocked.
There's certainly a need for thoughtful and hopefully positive criticism of blacklist behaviour. This article is not it.
Re:Definitely a bad idea... (Score:3, Informative)
The point isn't *me* using MAPS/SBL. The point is that others use it, thinking it makes a difference. Your netblock (that is, your ISP's netblock, or your ISP's ISP's netblock, etc) gets included in that list and *bang* you're a casualty of war.
Get it yet?
What IP is the originating mail from? (Score:2, Informative)
Is it possible that it's his outgoing cable-modem IP address that is the problem?
Is it, as the parent suggests, spam-assassin filtering?
I'm more than happy to get on the wagon of unresponsive RBLs. The only way they can actually get the response they want is if cleaning up your act results in de-listing.
However, Mr. Graham makes some big claims with nothing to back it up--and attempting to investigate on your own shows that his claims don't seem to check out.
Re:Paul is just pissed because... (Score:4, Informative)
Actually the IP address that's listed is store.yahoo.com.
Yahoo hosting is riddled with spammers, and store.yahoo.com is where most of them live, and where they accept credit cards for their purchases.
The SBL lists IP addresses that are involved in spam. 66.163.161.45 is involved in a lot of spam. It's not been removed from the SBL because, well, it's still actively being used by spammers.
Because countless spammers register domains on a daily basis, yet point them at the same IP addresses, some people choose to resolve the URLs in incoming email and bounce the mail if any of them resolve to particularly filthy IP addresses.
66.163.161.45 is filthy. Blocking mail that has URLs pointing there will stop a fair amount of spam. Not an approach I'd use myself, but certainly a lot more effective (in terms of spam caught and false positives) than many, many other approaches in widespread use.
Paul chose to host his website there, despite supposedly knowing a lot about the spam issue. That was probably not a good call.
Re:A few comments (Score:4, Informative)
In my case, I moved a server to a new colo facility. Most facilities have an IP block, and you get assigned an IP from it. Six months or a year ago that IP might have belonged to someone else. For me, it turned out in February a spammer installed a server at the colo, spammed from that server for a single day before the colo ISP turned them off. That IP got listed in Spamhaus; in the beginning of June I was assigned that IP.
So, I ended up with a Spamhaus listing for my mail server's IP address -- and _I_ can't get it removed. Spamhaus expects the colo operator to contact them (which they did on my request) but even there, if the blacklist operator doesn't like the ISP/colo people, they can ignore the request.
Fortunately Spamhaus listened and I got the record for my IP removed. But this showed me it was trivial for a non-spammer to inherit a blacklisted IP. I've added doing DNSBL checks on colo-assigned IP addresses for future moves to prevent any future issues.
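The pre-move DNSBL check described in the comment above, as an added example that is not part of the original thread: it builds the reversed-octet query name and splits candidate addresses into clean and already-listed. The zone `dnsbl.example`, the stand-in resolver and all function names are constructed for illustration.

```python
import ipaddress
import socket

def dnsbl_query_name(ip, zone):
    """Reverse the IPv4 octets and append the list's zone (RFC 5782)."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_resolver(name):
    """A records for name; [] on NXDOMAIN, exception on any other failure."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return []          # name does not exist: address is not listed
        raise                  # a timeout means "unknown", not "clean"
    return sorted({info[4][0] for info in infos})

def listings(ip, zones, resolve=system_resolver):
    """Map each zone that lists ip to the 127.x.x.x codes it returned."""
    hits = {}
    for zone in zones:
        codes = [a for a in resolve(dnsbl_query_name(ip, zone))
                 if a.startswith("127.")]  # anything else is not a DNSBL answer
        if codes:
            hits[zone] = codes
    return hits

def vet_candidates(candidates, zones, resolve=system_resolver):
    """Split colo-offered addresses into clean ones and inherited listings."""
    clean, listed = [], {}
    for ip in candidates:
        hits = listings(ip, zones, resolve)
        if hits:
            listed[ip] = hits
        else:
            clean.append(ip)
    return clean, listed

# Constructed sample data: a stand-in resolver and a made-up zone, so the
# example runs offline. 192.0.2.0/24 is a documentation range.
FAKE_ZONE_DATA = {"10.2.0.192.dnsbl.example": ["127.0.0.2"]}
def fake_resolver(name):
    return FAKE_ZONE_DATA.get(name, [])

if __name__ == "__main__":
    print(vet_candidates(["192.0.2.10", "192.0.2.11"],
                         ["dnsbl.example"], fake_resolver))
```

Each list documents which return codes it uses, so check that documentation before treating every 127.x.x.x answer as a listing.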
Re:Definitely a bad idea... (Score:3, Informative)
Re:What IP is the originating mail from? (Score:2, Informative)
From TFA and from the parent article I got the impression that he suffers from people having spam filters which run URLs in the email body through blacklists. And I think that a spam filter which gives too many points for that is more broken than the concept of DNSBLs.
'Terrorism' my behind... MAPS' side of the story (Score:3, Informative)
Here [online2000.net] is the link, that responsible editors would've offered in a story like this...
Re:A few comments (Score:3, Informative)
Um, no. That's not how spamassassin works - spamassassin uses a wide spectrum approach - it can take into account whatever blacklists you want to consult, but an RBL hit in spamassassin does not automatically mark the message as spam. An RBL hit is just one of over a thousand factors taken into consideration when making the call as to whether a specific message is spam or not.
Other methods used include central clearing houses of known spam messages (razor, DCC etc), time offsets, examination of header content, message content, weighted statistical analysis, presence of buzzwords, phrases, URL patterns and more.
Using all of the methods available and making a decision based on the overall picture makes spam assassin a very effective tool, with far fewer false positives than a hard coded "RBL in the MTA" approach.
On the other hand, SA does use more machine resources than does simply rejecting a message based on an RBL result, but that's the price of intelligent behaviour - it almost always requires more effort than a knee jerk reaction.
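An added example, not part of the original thread, contrasting the two policies discussed in the comments above: bouncing on a single URL-host blacklist hit versus counting that hit as one weighted factor. The rule names, weights, hostnames and addresses are constructed for illustration and are not SpamAssassin's.

```python
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def url_hosts(body):
    """Hostnames of every http(s) URL in a message body, lower-cased."""
    hosts = set()
    for url in URL_RE.findall(body):
        host = urlsplit(url).hostname
        if host:
            hosts.add(host.rstrip("."))
    return hosts

def uri_listed(body, resolve, listed_ips):
    """True if any URL host in the body resolves to a blacklisted address."""
    return any(ip in listed_ips
               for host in url_hosts(body) for ip in resolve(host))

def hard_reject(body, resolve, listed_ips):
    """The 'bounce the mail' policy: a single hit is final."""
    return uri_listed(body, resolve, listed_ips)

# Hypothetical rules and weights, chosen for illustration only; they are not
# SpamAssassin's rule names or scores.
THRESHOLD = 5.0
RULES = [
    ("URI_ON_LISTED_IP", 2.0, lambda body, hit: hit),
    ("BUZZWORDS", 2.5, lambda body, hit: bool(
        re.search(r"no prescription|cheap meds", body, re.I))),
    ("SHOUTING", 1.5, lambda body, hit:
        len(re.findall(r"\b[A-Z]{3,}\b", body)) >= 2),
]

def score(body, resolve, listed_ips):
    """Sum the weights of the rules that fire; return (total, rule names)."""
    hit = uri_listed(body, resolve, listed_ips)
    fired = [(name, w) for name, w, test in RULES if test(body, hit)]
    return sum(w for _, w in fired), [name for name, _ in fired]

# Constructed sample data: two sites sharing one address in a documentation
# range, as on shared hosting, and two constructed messages.
SHARED = {"essays.example": ["203.0.113.45"], "pills.example": ["203.0.113.45"]}
LISTED = {"203.0.113.45"}
def resolve(host):
    return SHARED.get(host, [])
HAM = "Here is the essay I mentioned: http://essays.example/filters.html"
SPAM = "BUY NOW!!! Cheap meds, no prescription: http://pills.example/order"
```

With this data the hard-reject policy bounces both messages, while the scored policy keeps the legitimate one at 2.0 and puts the spam at 6.0, over the threshold.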
Home Connectivity ISP != Your Domain ISP (Score:3, Informative)
Re:Slashdot Language lesson (Score:2, Informative)
For example, in many places it's legal to do a citizen's arrest if you see someone actually committing a crime. If someone suspects a crime will be committed and hangs around armed with the intent of bringing the person in, that's vigilantism, and perfectly legal. Or even hanging around waiting to call the cops.
Or if, for example, people keep getting attacked in a certain part of town, so you, who happen to have a blackbelt, wander through there, waiting to be attacked so you can fight back...
It's usually not called vigilantism if it's legal, but if you are attempting to do the work of the legal system, it is being a vigilante.
However, vigilantism requires enforcing a law, be it an actual law or just a made up one. Or punishing someone who already broke the law. (Or, as sometimes happens, you merely suspect broke the law.)
Whereas spam fighting may be interacting with the results of a crime, it's no more vigilantism than picking up litter is, or rebuilding a house torched by arson. The crime already happened, no one's trying to punish or catch the criminals, they're trying to undo the harm caused.
I guess you technically could call spam reporters 'civil vigilantes', by analogy, because they are reporting a contract violation between two third parties to one of those parties. Instead of taking criminal offenses into their own hands, they're taking civil ones. But that's getting a bit silly.
Re:Wholehearted Agreement (Score:3, Informative)