Spam Blackhole Lists Redux 329
tsu doh nimh writes "Are spam blackhole lists good, bad or indifferent? That appears to be the question they're tackling in this Washington Post story. It has some interesting back and forth between supporters of the lists and those who claim they condone censorship."
J adds: Brad Templeton recently
offered some comments
on the most extreme pro-blacklist position.
You'd get better results... (Score:5, Funny)
Re:You'd get better results... (Score:5, Funny)
Now, what in gods name did blackholes ever do to you buddy!
Re:You'd get better results... (Score:3, Informative)
Re:You'd get better results... (Score:4, Funny)
Mr. Carmack (the spammer) was arrested today. (Score:2, Informative)
Re:Mr. Carmack (the spammer) was arrested today. (Score:2)
Re:You'd get better results... (Score:2, Funny)
Or sending them to the center of the earth, in a big blob of iron. Good test case.
Counter to the spirit of the Internet (Score:5, Interesting)
And they're not. They go against the spirit of the Internet. What makes it great is that everybody HAS a voice, and when we start talking about who should have a voice and who shouldn't we start to sound a lot like fascists. Doesn't matter that it's speech we don't agree with, because it's just a matter of time before the whole thing is so watered down that nobody in their right mind will bother to use it (like amateur radio nowadays...)
Re:Counter to the spirit of the Internet (Score:3, Insightful)
Let the people choose. I use SpamCop as a RBL and I still get a decent amount of spam. This weekend, I plan on adding some broad ACLs so my mail server won't ha
Re:Counter to the spirit of the Internet (Score:5, Insightful)
Imagine that you're having a lively conversation at a dinner party. There are a dozen different groups of chatters in the room. The spammer mentality recognizes the opportunity here: If I just brought in a megaphone, then everyone would be able to hear what I have to say.
The problem is twofold: Everyone has a message that they want others to hear, and thanks to the marvels of the Internet, everyone with a broadband connection has a huge megaphone. At some point, it becomes difficult to pick out the messages that are important to an individual, and the medium as a whole suffers. The solution here is to silence the proverbial megaphones.
The difference between Spamhaus and the RIAA is that Spamhaus is interfering with "speech" that interferes with more constructive speech, and the RIAA is trying to interfere with speech that interferes with their monopoly on certain messages.
Re:Counter to the spirit of the Internet (Score:2, Interesting)
I disagree. The difference between anti-spam address lists and the RIAA tactics is that anti-spam address lists are utterly and completely voluntary. There's a problem when ISPs start ignoring traffic from certain segments.. But to say that everyone has free speech a
Re:Counter to the spirit of the Internet (Score:2)
Re:Counter to the spirit of the Internet (Score:2, Insightful)
There's a difference between free public speech, and invasion of privacy. Would you call it free speech if someone broke into your house and talked dirty to your underage daughter?
These lists are not about stemming free speech... they're not stopping anyone from setting up a webpage or some other form of information server, they're about stopping invasive practices from people... shoving their CRAP down other
Re:Counter to the spirit of the Internet (Score:3, Insightful)
Even worst is when whole blocks of addresses are block just because a spammer has been using one address in the block. Thi
Re:Counter to the spirit of the Internet (Score:5, Insightful)
In the case of spam, it is on my dime too!
Re:Counter to the spirit of the Internet (Score:2)
Fine. You send me your e-mail address & I'll forward messages from all those people whose freedoms you're concerned about preserving.
Yeah... just think of it, you'll singlehandedly be preserving their constitutionally granted right of free speech.
Re:Counter to the spirit of the Internet (Score:2)
Spammers illegally harvest email addresses, illegally steal computing resources from insecure servers, illegally hack servers to send email and take great pains to conceal their identity.
Everyone still has a voice on the internet -- as long as that voice isn't 12 million emails sent to millions of random people.
E2E and reasonable laws are the answer. (Score:2)
I'd prefe
Free Speech (Score:5, Informative)
Re:Counter to the spirit of the Internet (Score:2, Informative)
This idea is discussed in Larry Lessig's [stanford.edu] Code and Other Laws of Cyberspace (which was actual
Specious Argument (Score:2)
In my view everybody has the right, absolutely, to free speech. However, I have the right, absolutely, not to be forced to hear it, or even know that somebody is speaking at all, if that is my wish.
Re:Counter to the spirit of the Internet (Score:2)
World estimated population = 6 billion.
Even if you get only 1 call per minute, that means you'll be answering your phone for the next 11000+ years. I hope you have a good pool of highly paid secretaries to answer all those calls.
-- end scenario --
So, now that I've scared t
Kids (Score:3, Insightful)
If I want to use someone's spam blacklist it's no different than if I want to use someone's killfile. You have to the right to speak, but I don't have to listen.
Re:It's not exactly counter... (Score:5, Interesting)
You know, I've seen some really good posts from you that get undeserved hostile replies based solely on who you are and what your unpopular political positions represent. (I know you're only karma whoring to keep your score above 0, but that's sort of irrelevant, really.) You recently wrote this excellent post [slashdot.org] about calculating bolometric luminosity- and the discussion quickly degenerated into a brawl about racism, with people inappropriately screaming at the moderators for marking your post as Informative, followed by Anonymous Cowards putting in their own racist two cents. I even defended you once, and pointed out that a moderation applies to a post and not its author. (Thus whoring some karma for myself in the process, and making it onto your friends list- so if anyone looks at my fans list now, they'll see "I'm a racist" listed there.)
You're certainly a character- a racist with a degree in astrophysics- in fact you seem like you'd be an interesting person to know in real life. But if people start screaming "mod this racist down" this time, I cannot defend you. Your actual post was needlessly and purposefully offensive, which is sad because otherwise it does bring up a valuable and subtle point. You just had to spoil it.
Besides, I can't imagine getting an email saying "niggers are great". It simply makes no sense. Unless it's a white supremacist being sarcastic. And it doesn't fit this situation, since it's political speech. Spam is inherently commercial speech. For your analogy to work, the spam would have to be offering them for sale, not simply saying they were "great".
Kudos for simultaneously karma-whoring and slipping the words "nigger" and "porch monkey" into your post. I rarely see anyone pull that off.
Re:It's not exactly counter... (Score:3, Interesting)
> Nonsense. Spam is unsolicited bulk email.
Well, it's both (usually). It's unsolicited bulk email that is hawking garbage.
But the fact that it's commercial speech undercuts the idiotic First Amendment arguments that spammers make when they send email that's trying to sell stuff. Many of the laws attempting to shut it down hinge on its commercial speech aspect.
Non-commercial spam is still rare. Although I've seen it too. I even got a spam once from someone w
Re:It's not exactly counter... (Score:2)
Re:It's not exactly counter... (Score:2)
what about ISPs who possibly dump the email that you DO want and have even explicitly requested into oblivion?
I don't know about you, but no mailing list that I have ever been on makes any effort to hide either its origin or nature. Besides, the hosts that send spam and mailing lists are nearly disjoint.
Re:It's not exactly counter... (Score:2)
That's not the point... despite how easy you apparently think it is to set up a good blacklist, legitimate mailing list users (e.g. Peacefire, MoreOn.org) have been blocked in the past despite not being spaming operations.
I still don't understand... (Score:5, Interesting)
Re:I still don't understand... (Score:2, Insightful)
That's the beauty of the internet. We can all do it the way we want. I am afraid of what will happen when some people start imposing their ideas of how things should work on the system.
Often what starts as common sense restrictions becomes a straightjacket.
Re:I still don't understand... (Score:3, Interesting)
Not to mention making mailing lists completely useless.
Re:I still don't understand... (Score:2)
Re:I still don't understand... (Score:3, Interesting)
Added bonus of this method (Score:2)
Re:Added bonus of this method (Score:2)
Good. They suck.
bit bucket (Score:5, Insightful)
Perhaps the solution is to design a standard format for a black hole list, and add that functionality to email applications? If the end users had such access for themselves, then they could decide whether they wanted someone else to censor their mail (and whether they wanted to bypass that censorship for certain specific people or networks).
And yes, I know there is software that does this, but it's all proprietary. Is anyone interested in adding a generic functionality to, say, Mozilla? Perhaps the ability to import an XML list of bans from one or more specified URLs, run by volunteer blackhole list sponsors?
Re:bit bucket (Score:2)
Requiring it as an option in the email client puts just another task on the end-user's computer that's better handled back at the server.
Re:bit bucket (Score:2)
(with the exception of government servers. The government has the additional responsibility of ensuring their servers do not block any speech that would be protected by the constitution, and that would probably make blacklists impossible for them)
In the case of an ISP, I do think it should be disclosed to their clients so that those clie
Re:bit bucket (Score:2)
I believe that a black list is something that is loaded into a firewall router by an ISP. It is NOT something that a computer sits there and reads each message to find. Read the article, see where the ISP guy explains that filtering is no good, because if he has to filter it, then it's already costing him money? That's what black lists prevent -- the email from even reaching the ISP WAN link.
What if a spammer gets a new IP address,
Re:bit bucket (Score:2)
In my opinion, it would be better to create a more robust email clients that give the end user the ability to control their mail. For example, just a simple function like letting the clients download and process the headers, before downloading the body of the mail would eliminate a bulk load of network traffic caused by spam.
The fact that a bunch of sysadmins are running arou
...which sadly doesn't solve all of spam problems (Score:2)
Adding a blacklist at the receiving end will only help the user using it, and one can only hope that spammers will eventually realize that much of their traffic is simply not getting through, and figure out a different sort of scam to pull on people. Unfortunately this doesn't solve some of the more serious problems with spam, such as congestion of mail servers and backbone pipes. I've heard some statistics quoted that some 80% of traffic on much of the core routers appears to be spam. A blacklist in the
Re:bit bucket (Score:3, Insightful)
they are certainly censorship
You keep using that word. I do not think it means what you think it means.
The word "censorship" strongly implies content filtering perpetrated by a government. Blackholes are not content based -- they operate much more on the "consent" level (either you have permission to send e-mail to me from the IP you're using or you don't -- what is in the message is irrelevant).
Blackholes are not perpetrated by the government (except within its own offices or in particularly opp
blackholes... (Score:2, Insightful)
Re:blackholes... (Score:2)
Certainly a good thing (Score:2, Interesting)
Re:Certainly a good thing (Score:2)
Re:Yes but what about re-assigned IPs to new perso (Score:3, Insightful)
Why should an ISP expect immediate removal? Surely if they take their time to eject a spammer from their networks they should expect likewise from the community? Considering blacklisting is used as a last resort when all other avenues - abuse reports, reeducation - have failed, why should it be an easy life? Why not avoid blacklisting in
Re:Yes but what about re-assigned IPs to new perso (Score:3, Informative)
To the best of anyone's knowledge, SPEWS' approach is this:
1) Set up spamtrap addresses, seed them on Web and USENET
2) Receive spam: complain to ISP.
a) If spam stops, stop.
a) If spam continues, blacklist.
3) If spam still continues, expand blacklist by stages until the entire ISP is blocked.
4) Keep blacklist in place until
a) the ISP notices its problem and stops the spam
b) the ISP goes out of business
c) t
To RBL or Not RBL... (Score:4, Interesting)
Spamassassin and the like do a decent job of helping the spam problem, but my users still complain that their SPAM box has 80 messages a day...even if they get no false positives.
Personally, I'd rather have control over this than my ISP...as at least I can control how I choose to filter or not to filter. And I think the brute-force nature of an RBL often offers piece of mind but without adequate logging or reporting to guarantee you're only blocking what you intend. I'll settle for a full SPAM box any day...
Re:To RBL or Not RBL... (Score:2)
I also have no problem with people sorting their mail automatically and deciding for themselves what to keep and what to dump.
With respect to ISPs, I think it is appropriate for them to use RBLs as long as it is disclosed to the users. The people affected by the blocking to have a right to know the specifics of the limit
Re:To RBL or Not RBL... (Score:2)
If anything, i am militant above and beyond RBL's......
i add entire colo's to my port 25 blocking firewall if they host spam hauses. If their hosting spammers, then i dont need ANY of their smtp traffic.
Re:To RBL or Not RBL... (Score:3, Insightful)
My SpamAssassin is configured to reject the suspicios e-mails with a polite message: 550 This looks too much like spam. Please, contact your intended recipient with a short plain-text message
This way, I don't have to worry much about false positives -- the innocent senders (if any) will immediately know, what happened and will
Re:To RBL or Not RBL... (Score:2)
What do you call... (Score:5, Funny)
A start...
Re:What do you call... (Score:3, Funny)
Shoot the spammer twice.
No quarter (Score:2, Insightful)
Spam is the direct result of an abuse of the existing system(s). It costs companies money, money that they would not be spending otherwise. Spam is not like traditional advertising, like in TV, in which the advertiser actually pays for the ads (since they are usiing the hosters resources and/or popularity). On the contrary, the Spammers pay no fees, and force the hosts to take financial losses.
Immediate death is the answer. Kill them. They are like animals. AND WE SHOULD TREA
Re:No quarter (Score:2)
I'd say the safest way to do it is to use an RBL that has an efficient removal process to handle mistaken listings. Or you could only run your heaviest filters on messages flagged by the RBL. I'm not running a mail server right now (thank heavens) so that's just off the top of my head.
Any mail admin who is using RBLs alone isn't doing the whole job. I can't see it being professionally responsible (in the strictest sense) to rely on a sole source for
Uhh, no. (Score:3, Informative)
SPEWS' WHOIS record isn't really hiding anything when you ask the right server:Whether or not that address really exists, I don't know - but I doubt SPEWS is about to put obviously bogus information (e.g. not@available.org) in their WHOIS record. The spammers would just file a complaint with ICANN.
Re:Uhh, no. (Score:2)
I've observed many exchanges between SPEWS staff and people complaining, and found the SPEWS people to be quite reasonable. They try their best to make their listing accurate.
Brad Templeton and his analogies (Score:3, Insightful)
What is the difference between asking ISPs to cut spammers and sking ISPs to cut users, who set up porn websites?
Well, the latter is not against the TOS of the ISP. The first one is.
The latter is not threatening to destroy Email. The first one is.
The latter is not stealing. The first one is.
But I guess this one's just another personal opinion of an EFF Director, and not representitive of EFF's opinion on these issues...
Proletariat of the world, unite to kill spammers. Remember to shoot knees first, so that they can't run away while you slowly torture them to death.
Re: Spamming is stealing (Score:2)
Not the spammers...They're the freeloading thieves of the Internet.
It might make sense for you to think before hitting that reply button.
Proletariat of the world, unite to kill spammers
Re: Spamming is stealing (Score:2)
I've noticed that when I've opened HTML SPAM that the server are pretty well
Vary Simple Solution - Use with Discretion (Score:3, Interesting)
As for the consequences for the sender, of sending to a recipient who may not recieve the mail, due to the appearance of the sender's IP address on the SBL or other such lists; the sender is responsible to insure that they recieve service from a reputable ISP who does not cater to spammers. This presumes that due diligence was performed before any IP is added to an SBL list. This also asumes that any mail recipient using such lists is responsible for using a reputable list provider where they are confident of the due diligent performed in generating the list. The whole system (not unlike many other elements of internet architecture) depends on the good faith / good will of the participents.
The primary responsibility lies with the email recipient who selects an SBL type list that is as lax or stringent about the content of the list, as the email recipient is comfortabe with, since the relative levels of stringency maps directly to how much legitimate mail that recipient will have rejected.
--CTH
Spam blackholes are flawed (Score:3, Informative)
You're out of character, dude. (Score:2)
We are not afraid of the Spam. Allah has condemned the spammers and they will all die. There is no spam on the internet. The spammers have been defeated in battle after battle. They will commit suicide on the firewalls of our ISPs. God will roast their stomachs in hell.
We can fix the open relays... (Score:3, Interesting)
Yes and NO (Score:5, Insightful)
Sure, if you get SPAM at work, you personally don't absorb the cost... and sure, if you have uncapped internet access, sure you don't absorb the cost. BUT SOMEONE DOES. I don't get SPAM at work but do on some personal email addresses and I, like many other people outside the united states, DO NOT have unlimited download limits.
So those who want the right to speak freely about their latest porn sites, sex products, can pay, albeit a tiny amount of money, per email we receive.
Another thing about free speech, it doesn't mean you can talk as loudly as you want in the middle of the street at 3am - no, you WILL be approached by authorities for disturbing the peace - just try it. SPAM is not really all that much different - you don't have the option of not hearing it, the same way as you don't have the option of not hearing someone blaring music or screaming at 3am while trying to sleep. While the remedy might sound easier to delete a SPAM message than bother the local police for noise complaints, you don't have the noise every day, and hundreds of times.
Free speech might mean not being censored, but it doesn't mean you can do it at other people's expense of inconvenience.
Reply with a DOS (Score:2, Interesting)
So Every time a mail server receives a suspected spam, it would fork() off this script against the server that sent the spam. With enough receiving servers configured to do the same, *poof*! The offending mail server is, almost instantaneously, effectively taken off t
DOS-E-DO (Score:3, Interesting)
After all, in some way the spammers are DOS'ing the internet as a whole, increasing the demand and use of potentially shared resources such as bandwidth, mail servers and so on. As often happens there does not seem to be any reasonable way to actually charge them for these resources. Legal solutions seem unlikely to work - and given the legal solutions we've se
Blackholes don't really work anymore for me... (Score:4, Interesting)
When i first tried it 6 months ago, it magically worked, 99% of spam ended up in my spam folder.
Now the blocking ratio is down to about 10%... and here's why. There are 3 MX records for us:
A - linux server - MX = 10
B - msexchange server - MX = 20
C - isp's server - MX = 30
messages delivered to A are tagged (if spam) and forwarded to B. B exists in the MX records for redundancy. C is used because A and B are on the same site.
What i'm finding though, is that spammers send emails to B or C. When A receives the email, it has come from B or C, not the original spammer, so suddenly the blocking doesn't work anymore.
dammit.
It can only work if everyone in your MX record list does it, and my isp is the biggest in Australia so it's an awfully large machine to move.
I have tried adding in more dummy MX records, so that A is first, middle, and last. That seemed to work for a bit but not for long. I might have more success adding different ip addresses for A and peppering the MX list with those... but it's a bit messy.
d. None of the above (Score:4, Interesting)
Still, how effective can a blacklist, however well implemented & maintained, really be? Isn't this one of the easier types of blocks for spammers to get around?
If everyone would just stop trying to grow their penises, turn $5 into $5000, and visit XXChristyXX in her all-nude sorority, spam would wither and die. Lately, I've received some very helpful emails about how to stop spam and make money in the process, secrets I will be sharing with about 16 million fellow computer users very shortly.
--MichaelWill they ever get it? (Score:3, Insightful)
"OUR MISSION is to promote and foster the highest ethical relationship between businesses and the public through voluntary self-regulation, consumer and business education, and service excellence." www.bbb.org
The BBB is an organization without authority. It is a voluntary system to People can lodge complaints about a business. People can also inquire about complaints against a business.
I may choose not to do business with any other businesses that do not have what I consider acceptable BBB records. Is it really the BBB's fault? Is their system flawed?
I don't think so. The BBB only provides information. Depending on how much I value the BBB or information, I will choose to do business with a company.
Blacklist are not much different. Organizations sign up for their information *voluntarily* and understand that there may be some "false positives" or disputed cases. Organizations weight the benefits and risks and make their own decision.
If a blacklist proves to block to much email then organizations might try another blacklist or not use one.
Thats it for now.
ok
No to blacklists! Yes to whitelists! (Score:2, Funny)
Same thing should be with email. No need to blacklist bad IPs (which might not belong permanently to a spammer) or email addresses (also very temporal). Instead, list all people you trust or all their features that make the being trusted by you. You can guess that I mean e
Re:No to blacklists! Yes to whitelists! (Score:3, Funny)
Actually, I've known many guys for whom the first list would be shorter.
Question for Brad Templeton (Score:5, Insightful)
What if, at the end of Brad's list, we add:
h) trading child pornography
i) plotting terrorist attacks
j) promoting cannibalism
On his list, items a, f, and possibly g are potentially illegal - the others are clearly legal in the U.S., although they may violate service agreements with some ISPs. Nonetheless, even the possibly illegal actions are perceived as minor crimes, like speeding - if you found out your neighbor was doing these things, you wouldn't start looking for a new place to live. The three items I listed above are different - if any reasonable person even suspected that their neighbor was planning or committing one of those acts, they'd be calling 911 (or your local government's equivalent, unless you live in a country that supports terrorism / kiddie-porn / cannibalism) in a jiffy.
Spam is different from both of these. It's legal in most places, which distinguishes it from the three items I've mentioned, but it's looked upon with nearly equal horror as a violation of trust. If spam were made illegal (particularly porn spam), it could easily be lumped in with these other categories (okay, spam doesn't directly involve killing/torturing other people, but when you get spam that lists your full name and discusses rape, that's bordering on assault).
I think most people would consider it ethically responsible for their ISPs to report kiddie-porn traders, terrorists, and cannibals - at the very least, it would be irresponsible of the ISPs to not report such activities if they were aware of them. The difference, which Brad's post ignores, is that some activities (kiddie-porn, terrorism, spam) cause or can potentially cause DIRECT phsyical or emotional harm to other individuals (and before you argue this point with regard to spam, think carefully about how you would distinguish between soliciting children for sex and sending porn emails to children), while other activities (copyright infringement, NAT) don't.
To (hopefully) temper the debate, I'll add that I would oppose a "one strike and you're out" rule. It's easy to imagine someone being tricked into downloading unpleasant images, and it's easy to imagine someone sending out spam without knowing any better. But after being warned, the punishment the second time should be more severe.
Re:Question for Brad Templeton (Score:5, Insightful)
Blacklisters say, "punish the ISP for providing bandwidth to the spammer."
I see the ISP more like the phone company. You don't blame the phone company because people can trade kiddie porn or plot crimes or terrorism over the phone. You don't call for the phone company and all the people with phones in the same phone exchange to be punished until they rise up against the child pornographer among them.
If we say "it's OK to blame and make accountable the ISP for the actions of the spammer" you turn the ISP into a policeman of the bits rather than just a provider of bandwidth.
I worry about the precedent in doing that. There are a lot of other internet activities people want to punish, as I pointed out, and how do we tell them they can't use the ISP as their tool of punishment.
As we've seen in the Verizon case, the RIAA can force an ISP to hand over your real identity without proving you did anything. We want to be careful about where this leads.
Re:Question for Brad Templeton (Score:3, Insightful)
You don't blame them if they don't know about it. Once they've been informed that someone has been placing 500 prank calls/day or whatever, and they refuse to do anything, it's perfectly reasonable to blame them.
I don't know of any blacklist that adds ISPs simply because one or two spams have come from their network. The ISP has to refuse to stop
Re:Question for Brad Templeton (Score:3, Insightful)
So if some ISP is hosting someone who is eating up your bandwidth with ping packets, and never stops, you're going to consider that to be just like the phone company and not try to get them to stop it ... or if you do ask them to and they ignore you, you're not going to blame them for hosting someone who attacks other networks?
I don't know of any cases where the existance of music trading, or kiddie porn, has denied me of the resources and services I have paid for on the internet. Those may or may not be
while i was RTFA'ing (Score:3, Insightful)
"Blacklist operators call this "collateral damage," admitting that it is an unfortunate side effect. But for people like Haselton, who can go unaware for weeks that their messages are dissolving into the ether, collateral damage can seriously hinder someone's ability to communicate via the Internet."
Unaware? Why the fuck didnt he check his smtp logs and notice all the 553's ? When you hit a mail server that rbl's you, it sends you a 553 bounce.
Also, many user's mail servers will notify the sender of the bounce and give them a copy of the bounce message so they know why it got bounced.
Collateral damage is why you NEVER ever host your servers with a spam friendly outfit. Our company recently hosted a client's email server, and the FIRST thing we did was run the colo against every blacklist we could think of. We also asked them their policy on handling abuse emails, and spammer termination. Read news.admin.net-abuse.email , its full of good info on how to avoid spam friendly hosters.
Condone censorship? (Score:2, Insightful)
Ever wonder? (Score:3, Interesting)
Blacklists suck, they don't work. Blacklist an ip address or range and a new guy gets it and can't send mail, real fucking smart and real fucking frustrating to be the admin, use the reverse domain name all you want, but don't involve the ip address.
Do you think ISPs want spammers, spammers are a pain in the ass to deal with, they are the squeeky wheel at an ISP and they rarely pay their bills after bitching about everything.
An extension to smtp and pop3 is needed, smtp stopped working years ago and people now ignore their email, often you need to call someone to check their email and search for you amongst all the spam in their box.
I'm an admin, not a programmer, but I would do it this way if I was a programmer.
mail is received, the host starts out with a zero rating and the user does as well.
A global bayesian filter then ranks this piece of email, the email is then delivered to a users box with the rating attached for the domain and the user.
The user may sort by this rating to filter out spam from non spam, it is optional at this point, but if the user is using software with the necessary extension, the user can then check if the email is spam or good and have the domain's rating adjusted slightly, and the user's rating fully in the negative or positive, if negative the sending user will not have mail accepted again unless someone uprates the user.
If enough complaints arrive from the sending domain, the domain is blackballed and cannot escape since multiple users have decided that this domain is sending inappropriate email according to the TOS of the receiving ISP.
So, to be more specific, sorry to make this so long, but maybe it will inspire someone.
Connection established with port 25, reverse checked for presence on blackball list, if present drop connection silently. No reverse also gets dropped.
Check for from line with specific user name, if user is on blackball list drop connection silently.
Receive email and grade with bayesian filter using global ruleset, this filter cannot blackball domain or user no matter how much it looks like spam, but can make it nearly so.
Deliver mail, if user confirms mail is spam, blackball user and downgrade domain further, this may actually blackball the domain if enough mail is sent and the filter grades it badly enough (based upon average grade).
Since Dialup and DSL connections do not control their own reverses, it would be trivial to add a simple filter that would refuse mail delivery from these sources, except from their own isp, and then the outgoing mail would be run through a filter, if the rating dropped for the user into negative territory as reported by receiving servers the user would lose their bulk smtp privledges and have thier outgoing mail throttled in a severe fashion with all mail containing bcc and cc mail rejected, and the number of emails per hour limited to stave off potential damage.
The SMTP extension comes into play with a network of these mail servers, blackballed domains would be automaticlly sent to a neighbour in p2p fashion, but ratings would only be accepted if the neighbour server had a valid key, that would be exchanged amongst admins and a network of trust would form.
If a domain becomes blackballed, a user/domain notification takes place alerting that site to the fact mail from their domain/user is not being accepted, at this point an admin could get involved, but my guess is that more often than not the domain will remain there.
Anyhow flame away, my asbestos suit is on
Forget RBLs - active whitelisting is the future. (Score:3, Informative)
If you feed your inbox/archives into your whitelist, 99% of people who e-mail you won't even notice the system is running.
I used to get about 200 spams a day. I tried RBLs, I tried spamassassin. None of it worked reliably - RBLs were only catching about 20% of my spam and spammers now get around spamassassin by looking at the rules when they craft e-mails. False positives were also a problem - sure, it's quicker filtering suspected spam into a spam folder for batch-checking, but it's still a serious hassle with >80 dubious borderline spams a day, and tens slipping straight through the spamassassin/RBL net into your inbox.
Happily for those of you running your own mail servers (or sitting on a *nix box which delivers mail locally via procmail), you can get a program which will do this for you for free. It's called Active Spam Killer, it's written in Python, and you can get it here [paganini.net].
Misses the point.... (Score:2, Insightful)
These people steal bandwidth and services from both the originating and the receiving companies and ISPs. They pedal blatantly false products (Are you stupid enough to think that you can enlarge the flaccid size of your penis
Take the middle path (Score:2)
Stolen idea (Score:3, Interesting)
Adjust the RFC such that a mail type header is mandatory and define the mail types. Personal, bulk, subscribed, non subscribed, comerical, non comerical, etc. Define these in a technical sense. Then pass a law that says it's illegal to lie in the headers of an email. The law only has to say that it's illegal to go against the standard. The standard says it must be included to be legitimate email, and the standard can be changed and adjusted without lengthy legal processes (but there should be *some* process) to meet loopholes people find.
This makes it easy to identify spam, and provides penalties for lying.
Your still going to have spammers who lie, and you can identify these somewhat easily from the parts of headers they can't fake and the government should go after them. The spammers who want to operate within the bounds of a system and think people want their Bulk comerical email will have to identify it as such, and it's easy to dump it at any place in a network that you own. An IMAP client should be able to read the header and delete before ever downloading.
It doesn't solve all the problems, but it provides a solution without government censorship.
And why hasn't anyone made it a technical standard that there are no open relays and that relay by MX is not legal.
In my ISP experience... (Score:3, Interesting)
First, if an e-mail is not delivered, the recipient receives a notice of the fact, as long as he is properly identified as the source of the e-mail.
Second, I have had a number IP addresses in our range blocked by a whole host of different DNSBL, for many different reasons. The *ONLY* blacklists I never got removed from were those which block ranges for a whole region (like South America or Brazil).
Moreover, the process might take two or three days (though it's seldom more than 24 hours), but it's always VERY clear.
That article reads more as a pro-spam article in disguise.
No (Score:3, Insightful)
Popups are merely web content, presented on pages that you actually choose to visit - web sites that you willingly expose yourself to. Spam is forced upon you whether you like it or not, and ends up costing both your ISP and you money to prevent.
Comment removed (Score:5, Insightful)
Re:against free speech (Score:2, Interesting)
Re:against free speech (Score:2)
Even those people have a right to gather and do that, but it can still be a bad idea, worthy of opposition.
Re:against free speech (Score:2)
Re:against free speech (Score:3, Insightful)
Using them is entirely voluntary.
Or is this yet another attempt to define "free speech" as "speech I like"?
Proletariat of the world, unite to kill spammers
Re:If your ISP or WPP is spam friendly... (Score:2, Insightful)
So while your comment sounds sensible, it is not applicable to all.
Just my 2 cents
Re:What is is with the Spam??? (Score:3, Informative)
Of course, the biggest problems are with web sites that display email addresses. I've had my private email address ruined because I did some volunteer service and the web site owner posted my email address to thank me...arrrggghhhhh!!!!
BTW, you can sometimes find if your email address is on a we
Re:Black-lists, white-lists, they both are flawed (Score:3, Insightful)
Personally, I wish the article told people how to find out if they are blacklisted. I had a spammer use my domain as a return address. Did that get all my mail blocked?
A flawed list might boast that only 1% of the mails that they block are legit
Re:RBLs are not effective at all. (Score:4, Interesting)
Our small ISP hosts email and web sites for about 40 domains. Our mail servers send me a message every time they bounce a message, for ANY reason, with transcripts of the exchange and the error that caused the bounce. We use SpamCop, Blitzed, Monkeys and ORDB to suppliment our internal lists.
A typical day has 500-1000 messages reach the SMTP ports of our various servers. Lately, 80% or more of them (over 3000 in the last 4 days) are attempts by spammers to hit addresses that don't exist, usually arriving from open relays, proxies, and dial-up lines. And only 50% of those test positive against the RBLs... the rest are blocked by those internal lists.
Why is this? I suspect it's because the spammers are finding those open relays and proxies faster than the RBLs can catch up. And some open relays specifically block the test software from ORDB and others, trying to stay off the lists without actually fixing their problems.
Lately, though, it's the open proxies that have taken the lead. We added over 1800 NEW open proxies to our internal lists in the last week. Sometimes, one spammer will try dozens of proxies within hours to get through... Kind of makes it easy to spot them... B-)
Re:Problems with lists (Score:3, Interesting)
Remember, _you_ are sending bulk email using a prior relationship as an indication you have their consent to send them an email. The burden of proof rests on you.
Re:Blackhole list + Bayesian + Whitelist +... (Score:3, Insightful)
Thats why you see so many random words thrown in as well as misspelled words. Someone needs to do a bayesian filter with soundex support.
One other trick that is going on is the spamers are tring to drive the spam threasholds up. If your spam program seems most mail as 0-10, where 10 is always spam, what happens when the program sees a score of 100? Then does the program assume anything less than 50 isn't spam?
Re:Blackhole list + Bayesian + Whitelist +... (Score:3, Insightful)
Re:there are those.. (Score:3, Insightful)
Thing is, I'm not interfering with the spammer's free speech at all. They're still free to say whatever they want. What I'm doing by using a spamblock is the equivalent of declining to go listen to their speech. What the spammers are yelling about isn't that people are trying to stifle their speech via spamblocks, but that when they do speak it's to an empty hall because nobody wants to hear what the spammers want to talk about.
I'm sorry, but the right to free speech doesn't include the right to require me