On Tue, 9 Jul 2002, Dean Anderson wrote:

> On Tue, 9 Jul 2002, Theo Van Dinter wrote:
>
> > Basically, I use a bunch of open-relay RBLs and a few custom sendmail
>
> You probably don't realize that blocking open-relays means that you have
> misconfigured your spam filters to allow _more_ spam, rather than less.

Pardon me if I appear skeptical, Mr. Anderson.

> It's more because by doing so you can't block spam sent through closed
> relays, even though the source IP address of the abuser has been reported
> to RBL.

Um, the point of using an open relay list is to block mail from open relays, no matter the source or content. Blocking mail from closed relays and domains is quite easily handled by other means. Content filtering is another matter.

And just so everyone understands, each of the many DNS based black lists uses different criteria for adding and removing entries. Some are lists of open SMTP relays, some are lists of known spam sources, some are lists of dial-up IP space, some list the entire IP space of ISPs that sell services to spammers, and some include many lists other than their own. It is important to read carefully the listing and delisting criteria of each and every black list that you are interested in using. Although I am *very* happy with the results obtained by my current selection of lists, you may not be.

> Also, ISPs cannot block open relays since this violates 18 USC
> 2701(A)(2), which prohibits ISPs from blocking authorized email. Some
> have, but stopped after receiving letters from our attorney reminding them
> of the statute, and the $1000 per affected user that they owe us if the
> blocking is intentional.

My interpretation of the code cited above is quite different, but then I am not a lawyer nor ISP operator so I'm not really surprised. As far as my private network is concerned, I can drop or reject any packet I wish.

> Very little of our email has ever been blocked
> by an open relay list.

Good for you.

> And what is blocked is often spam bounces--the
> bounces going back from spam to a non-existent user. Very, very few people
> use these services.

Really? Have you conducted a poll?

> Evidence of the lack of use is obvious: The MAPS RBL consumes more than 1
> T3 of bandwidth, according to Vix, and the Open Relay black lists are
> frequently found operating off of T1's or less. There can't be many
> "customers."

Bandwidth is the measure of "customers"? Interesting. I suppose I could think of DNS queries in terms of bandwidth and somehow determine that the size of the feed relates to some value of "customers", but considering that "customer" can be defined a number of ways I conclude that your "obvious evidence" is just hand waving.

> Many of the Open relay black lists have been shut down by courts or by
> their upstreams.

Please define "many". I know of two. One very high profile (ORBZ) and one not so high profile (ORBL). All of the others that I have been aware of for the past three years are up and running just fine, with several new ones added to replace the loss of ORBZ. So by my count there are more open relay lists now than there were three years ago.

> Their scanning has caused computers to crash, which violates criminal
> statutes in the US.

I know of one case where scanning caused a broken Lotus Notes server to crash. I have no doubt that there are other instances but I am not aware of them. Let's also keep in mind that some open relay lists do not actively scan, and instead use honey pots, subscriber submission (SpamCop), or other passive means to maintain the database.

> In short, they are widely
> recognized as abusive, and possibly criminal organizations.

"widely", eh? By whom? I'd wager by many direct marketers, some sys admins, and you. Anyone else?

> Also, many of the open relays are operated by ISPs, such as us. I won't
> explain the many situations where Open Relay is necessary, and why SMTP
> AUTH is dead, and such. That much is either obvious by now, or you don't
> need to know it, since you might not ever need open relay yourself.

So instead of closing your open relays you dismiss SMTP AUTH.
This is a rather selfish stance, don't you think?

> Rather, most (perhaps all) of the open relay Black Lists are actually
> spammers themselves. This needs explanation.

<snip>

> Only relays listed in the O.R. black lists are ever abused. The Open
> Relay Black Lists are the spammers sending abuse through open relays.

Huh? What sort of twisted logic is this? That spammers use the open-relay lists to find open-relays is well known. Spammers will find the open relays eventually. If all spam only goes through open relays listed in open relay black lists and I block all email from open relays listed in those same black lists then I should not receive any spam, right? This is bad how?

> Also, once you subscribe to an OR black list, your domain will start
> getting abuse email, which your BL then blocks. This serves to keep you
> addicted, and to show the "effectiveness" of the BL. You've been scammed.

Excuse me? Please explain _exactly_ how rejecting email via DNS black lists causes _more_ spam to be sent (and blocked). And please explain how I have been "scammed" into blocking mail from open relays.

> There are a number of things that we do to protect our relays and identify
> abusers, and I do a lot of analysis on the spam sent. Most of the spam is
> not commercial. Marketers want to sell products. Antispammers want to
> annoy people into banning spam/closing relay service/etc. So the
> non-commercial spam is sent by antispammers. Since nearly all of the spam
> is non-commercial, it follows that nearly all spam is sent by
> antispammers.

More twisted logic.

> So, use content based spam filtering, and avoid the open relay black
> lists.

My interpretation of this whole message is that Mr. Anderson is running open SMTP relays on his network. His network, his choice. His open relays must at least occasionally be abused by spammers. He deals with this as he sees fit.
But, anti-spammers running open-relay black lists are also finding his open relays, either by active scan or by passive means. Through creative argument he concludes that it is in fact the anti-spammers who are doing the spamming and that anyone who uses an open-relay black list has been "scammed" into receiving more. Fascinating.

> So, use content based spam filtering, and avoid the open relay black
> lists.

A content based filter, while more accurate in flagging actual spam, requires that my mail server first accept the connection and receive the data. The resources that I paid for have now been used for free by a spammer to send me email that I did not ask for nor wished to receive. I call this 'theft of service'. Your advice to the contrary, I will continue to use all means available to me to prevent spammers from attempting to do business at my expense.

Regards,
Mike Lambert

---
Send mail for the `bblisa' mailing list to `[EMAIL PROTECTED]'.
Mail administrative requests to `[EMAIL PROTECTED]'.
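
An added example, not part of the original message or of any list operator's code: a connect-time DNS black list check of the kind discussed above, where each list has its own listing criteria and the decision is made before any message data is accepted. The zone names, the reject policy and the DNS answers are constructed assumptions.

```python
import ipaddress
import socket

# Hypothetical zones (assumption): each real list has its own listing criteria.
ZONES = {
    "relays.dnsbl.example": "open SMTP relays",
    "dialups.dnsbl.example": "dial-up address space",
}
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_name(ip, zone):
    """Query name for an IPv4 client: octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_lookup(name):
    """A record for name, or None when the lookup fails (treated as not listed)."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def listings(ip, lookup=system_lookup):
    """Zones that list ip. Only answers inside 127.0.0.0/8 count as a listing,
    so a resolver that rewrites NXDOMAIN to some other address is ignored."""
    hits = []
    for zone in ZONES:
        answer = lookup(dnsbl_name(ip, zone))
        if answer and ipaddress.IPv4Address(answer) in LISTED_NET:
            hits.append(zone)
    return hits

def connect_decision(ip, reject_zones, lookup=system_lookup):
    """Policy at connect time, before any message data is received."""
    hits = listings(ip, lookup)
    for zone in hits:
        if zone in reject_zones:
            return ("reject", zone)
    # Listed only on zones we chose not to reject on: accept, keep hits as hints.
    return ("accept", hits)

# Constructed DNS data so the example runs offline.
CONSTRUCTED_DNS = {
    "10.2.0.192.relays.dnsbl.example": "127.0.0.2",
    "7.100.51.198.dialups.dnsbl.example": "127.0.0.3",
    "9.113.0.203.relays.dnsbl.example": "198.51.100.1",  # rewritten NXDOMAIN
}
fake_lookup = CONSTRUCTED_DNS.get

if __name__ == "__main__":
    for client in ("192.0.2.10", "198.51.100.7", "203.0.113.9"):
        print(client, connect_decision(client, {"relays.dnsbl.example"}, fake_lookup))
```

Which zones go into `reject_zones` is the policy choice the message describes: read each list's listing and delisting criteria before rejecting on it.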
