OK, I've had my lunch and I'm feeling more alert now. I am still not convinced that open relays are anything but BAD (for me) and that blocking them is anything but GOOD (for me). I'm not an ISP, so I don't think I'm legally bound to be an open relay. If I get spam that has been relayed off of server X, then I'm going to block all SMTP connections from server X, if it's in my power to do so. If that means I block mail from legitimate clients of server X, I can live with that. Those clients should complain to server X's management, not to me.
While I also like to filter on the content of the message, I operate under the assumption that anything in the message header can be forged. I've seen some pretty bogus message headers before. So I would not feel confident in relying on the IP address in the message header for any kind of usable protection. Admittedly, both open-relay blocking and content-filtering are moving targets. If enough people block mail from one open relay, the spammers will move to another, and as soon as I start filtering on /BIGGER PENIS/, I'll get spam for /BIGGER PEN1S/, but that doesn't mean that I shouldn't continue to be vigilant, if occasionally draconian.

-Rich

Dean Anderson wrote:
>
> On Wed, 10 Jul 2002, Rich Lenihan wrote:
> > I'm probably being really dense this morning, but "whaaaaaat??????"
> > Please explain to me again why using RBLs to block spam is less
> > effective than not using filters at all or why using RBL's in
> > conjunction with content-based filtering isn't more effective than using
> > either alone. You may be right, but I'd like to understand why.
>
> Not all RBLs, just open relay RBLs. If you use Open relay rbls, then you
> are blocking based on the connection address. This is wrong. You should be
> filtering against the IP addresses in the headers of the message. If you
> filter this way, the relay used by the spam is irrelevant. It doesn't
> matter if the relay is open or closed.
>
> The only people the open relay rbls "help" are those who previously had no
> filters at all. Even then, they mostly just get a "feel good". Much of the
> "blocked spam" is originated by the open relay people.
>
> Using RBL's (on the headers) in conjunction with content filters is a good
> thing.
>
> --Dean
>
> ---
> Send mail for the `bblisa' mailing list to `[EMAIL PROTECTED]'.
> Mail administrative requests to `[EMAIL PROTECTED]'.

--
Rich Lenihan 781-784-5021
Open Admin // 28 Summit Ave // Sharon, MA 02067
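The two positions in this thread (block on the connection address, or check the addresses in the headers) turn on which `Received` lines a receiving server can actually verify. The Python sketch below is an added example, not part of either message: it walks the `Received` chain of a constructed message and separates listed addresses stamped by the recipient's own MTA from those that are only claimed by upstream hops. The host names, documentation-range IPs, the `dnsbl.example` zone and the in-memory `LISTED` set standing in for a DNSBL are all assumptions made for the illustration.

```python
import email
import re

# Constructed sample: the top Received line was stamped by our own MTA
# (mx.example.org); the lines below it arrived with the message and can
# be forged. All addresses are documentation ranges (RFC 5737).
RAW = """\
Received: from relay.example.net (relay.example.net [192.0.2.25])
\tby mx.example.org with ESMTP; Wed, 10 Jul 2002 12:00:00 -0400
Received: from trusted.example.com (trusted.example.com [198.51.100.7])
\tby relay.example.net with SMTP; Wed, 10 Jul 2002 11:59:00 -0400
Received: from dialup ([203.0.113.99])
\tby trusted.example.com; Wed, 10 Jul 2002 11:58:00 -0400
From: someone@example.com
Subject: constructed sample

body
"""

OUR_MTAS = {"mx.example.org"}            # assumption: hosts whose stamps we trust
LISTED = {"192.0.2.25", "203.0.113.99"}  # constructed stand-in for a DNSBL zone

HOP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\].*?\bby\s+(\S+)", re.S)

def hops(raw):
    """Return [(peer_ip, stamping_host, trusted)], newest hop first."""
    out, trusted = [], True
    for value in email.message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if not m:
            trusted = False  # an unparseable line breaks the chain of trust
            continue
        ip, by = m.group(1), m.group(2).rstrip(";").lower()
        trusted = trusted and by in OUR_MTAS  # older hops inherit any break
        out.append((ip, by, trusted))
    return out

def dnsbl_name(ip, zone="dnsbl.example"):
    """Query name a DNSBL lookup would use: reversed octets under the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def verdict(raw):
    """Split listed IPs into (verified by our MTA, merely claimed upstream)."""
    verified = [ip for ip, _, ok in hops(raw) if ok and ip in LISTED]
    claimed = [ip for ip, _, ok in hops(raw) if not ok and ip in LISTED]
    return verified, claimed
```

A hit in the first list rests on an address the recipient's own server recorded; a hit in the second rests on header text supplied by the sending side.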
