> > And what is blocked is often spam bounces--the
> > bounces going back from spam to a non-existent user. Very, very few people
> > use these services.
> 
> Really? Have you conducted a poll?

Yes. I look at the bounced mail. Very little is bounced due to some black
list. When it is, it's usually a spam to a non-existent user, and the
bounce bounced.  Somehow the spammers know the domains that use the black
lists, and sometimes use those as return addresses. It's usually yahoo,
hotmail, or some really odd domain, that uses a black list. Isn't that
odd?

That odd domain is probably very happy to have blocked the bounced spam,
isn't it?

> > Evidence of the lack of use is obvious: The MAPS RBL consumes more than 1
> > T3 of bandwidth, according to Vix, and the Open Relay black lists are
> > frequently found operating off of T1's or less. There can't be many
> > "customers."
> 
> Bandwidth is the measure of "customers"? Interesting. I suppose I could
> think of DNS queries in terms of bandwidth and somehow determine that
> the size of the feed relates to some value of "customers", but
> considering that "customer" can be defined a number of ways I conclude
> that your "obvious evidence" is just hand waving.

There is a certain amount of hand waving, to be sure. But Vixie reports
that MAPS DNS queries consume over a T3. A query per message adds up to a
lot of queries. It doesn't take a lot of arm waving to figure out that a
lot of customers of one of these operations adds up to a lot of traffic.
It's not something that can be handled for long on a T1.

I can probably get more detailed though. A minimum dns packet is 53
bytes. A response is a bit longer.  But for ease of calculation we'll
assume the response is 53 bytes. (This assumption benefits you, since the
calculated number will indicate more users than is really
possible).  We'll further assume for sake of calculation that the
connection is full duplex. Then we only have to make one computation on
the inbound traffic.

1.536Mbs per second / 8 is 192000 bytes per second. 192000 bytes per
second allows for 3622 53 byte dns queries per second.

That translates to 3622 messages per second system wide.  Clearly, it
doesn't take too many customers nationwide/worldwide to add up to 3622
messages per second.

Now keep in mind that NJABL, ORBS, etc are running these things "on the
side", so they probably aren't taking up their full bandwidth.  The 3622
number is probably way high. Since some dns responses can be over 500
bytes, this could lower the maximum by a factor of 10. 360 messages per
second.

Certainly, if a DNS BL operator is able to do other useful things with the
bandwidth (as Manawatu was clearly able to do), then the actual number
must be much lower than the maximum, maybe by a factor of 2 to 5 or more
lower.  Which puts us somewhere around 100 messages per second.  World
wide, that's not much at all.

I think there aren't many users. It's a scam on the few there are.  And it
explains why we don't get much blocked email despite being listed for 6
years, by all of those I listed.

> Please define "many". I know of two. One very high profile (ORBZ) and
> one not so high profile (ORBL). All of the others that I have been aware

I gave 4, and I didn't count ORBZ, which was shut, and then restarted, on
a different ISP.

> I know of one case where scanning caused a broken Lotus Notes server to
> crash. I have no doubt that there are other instances but I am not

It's still a felony to cause a computer to crash. And let's keep in mind
that all computers and all protocols have "bugs" that cause the computers
to crash. I don't know of any machine that really cannot be crashed by
some kind of bug.  Most people call that denial of service.

> > In short, they are widely
> > recognized as abusive, and possibly criminal organizations.
> 
> "widely", eh? By whom? I'd wager by many direct marketers, some sys
> admins, and you. Any one else?

Maybe the many networks that block access to them. MFNX and many others.

> So instead of closing your open relays you dismiss SMTP AUTH. This is a
> rather selfish stance, don't you think?

No. SMTP Auth doesn't work, as I already explained. And SMTP Auth is
dead due to lack of need in places that don't need open relay, and lack
of solution for places that do, and for lack of supporting clients, and
for lack of interest by ISPs.

> > Rather, most (perhaps all) of the open relay Black Lists are actually
> > spammers themselves. This needs explanation.
> <snip>
> > Only relays listed in the O.R. black lists are ever abused.  The Open
> > Relay Black Lists are the spammers sending abuse through open relays.
> 
> Huh? What sort of twisted logic is this? That spammers use the

Not twisted logic, but rather testing and logging, as I also described
earlier.

> open-relay lists to find open-relays is well known. Spammers will find
> the open relays eventually. If all spam only goes through open relays

Spammers aren't scanning for relays. As I've also described earlier, only
the open relay black lists are scanning for relays.

And the open relay black lists smugly publish this information to spammers
for abuse?  That in itself is abusive, even if they weren't behind the
abuse.  But as I said, the spam sent through open relays is usually not
commercial. True commercial spammers aren't looking at the open relay
black lists. Some other kind of spammer is. This non-commercial spammer is
an antispammer who just wants to annoy people.  So the open relay black
lists are behind the abuse.

> listed in open relay black lists and I block all email from open relays
> listed in those same black lists then I should not receive any spam,
> right? This is bad how?

Except that a lot of legitimate email also goes through open relays. And
many of the open relay black lists are really revenge lists, which exist
for the opportunity to block legitimate email from an ISP they don't
like. That was what ultimately led to ORBS being shut.

> > Also, once you subscribe to an OR black list, your domain will start
> > getting abuse email, which your BL then blocks. This serves to keep you
> > addicted, and to show the "effectiveness" of the BL.  You've been scammed.
> 
> Excuse me? Please explain _exactly_ how rejecting email via DNS black
> lists causes _more_ spam to be sent (and blocked). And please explain
> how I have been "scammed" into blocking mail from open relays.

They start sending you spam, which they block. If you unsubscribe from
their service, you get inundated with spam.  If you check your connection
rate, you start getting more mail (to block) after you sign up.  You've
signed up for a scam.

Sometimes domains are targeted, and their spam rate rises sharply in
contrast with other domains. Most of this increased abuse is also
non-commercial. In this case, you've been targeted for a scam, or maybe
just targeted for annoyance. Doesn't really matter to the antispammer, I
suppose.

> > There are a number of things that we do to protect our relays and identify
> > abusers, and I do a lot of analysis on the spam sent.  Most of the spam is
> > not commercial.  Marketers want to sell products. Antispammers want to
> > annoy people into banning spam/closing relay service/etc.  So the
> > non-commercial spam is sent by antispammers. Since nearly all of the spam
> > is non-commercial, it follows that nearly all spam is sent by
> > antispammers.
> 
> More twisted logic.

Twisted?  What's twisted is the antispammers sending spam. Their motivation
is to annoy you into banning spam. That's what's twisted.  You can do the
same logging, and the same relay tests, and you'll come to the same
conclusions.

                --Dean



---
Send mail for the `bblisa' mailing list to `[EMAIL PROTECTED]'.
Mail administrative requests to `[EMAIL PROTECTED]'.