Orin, all three listings are actually the same. The
last one you mention, SB-XBL shows that the IP is listed in XBL because XBL is a
composite list of blacklists, include CBL.
CBL is one of the few blacklists that expire listings
(somewhat more say they expire listings, but don't).
Blocking mail from servers that connect from a dynamic
address is reasonable.
Blocking mail from a client is not reasonable; this is why
the IMail fans here like the option to whitelist authenticated
senders.
Also, blocking on one blacklist hit is a setup for a lot of
false positives. For example, large email providers like HotMail and
Yahoo! have certainly found themselves listed because of a bad customer or by
bouncing a virus they didn't detect as such.
So having said that, a good question is why this particular
CBL listing on your system ended up HOLDing a message!
Andrew 8)
I received a contact from one of our customers who discovered an e-mail from within his own domain had been stuck into the spam box. When I investigated I found out that it had been tagged by the CBL test. Looking further if found the email address was on three different black lists. OK, but the problem is this is a dynamic address belonging to T-Mobile I suspect. This implies that some dynamic customer had connected while infected by a piece of spam software and got the IP logged. Now anyone connecting and receiving the address will be blacklisted.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Orin Wells
Sent: Monday, August 01, 2005 3:26 PM
To: [email protected]
Subject: [Declude.JunkMail] CBL Blocks
How do you handle this sort of thing?
The IP address, in case anyone is curious, is 208.54.14.65. The CBL probe says it was de-listed on 6/23/2005 but re-listed on 7/30/2005 (yesterday). There are two other services where it is listed - DNSBLNETAUTI (DNSBLNET Australia pointing back to cbl_abuseat.org) and SBL-XBL pointing back to Spamhaus.org.
Is anyone using such services (T-Mobile - may be assigned to Blackberry communications) where dynamic IP assignment is the rule just at the mercy of whoever got it earlier? Is it even worth the effort to attempt to get the addresses de-listed? Should the ISP service be advised when one of their IP addresses is discovered as listed? I suppose it is too much to expect the black lists to be able to recognize dynamic addresses and just not bother to list them or at least set them on some timer to release after a bit.
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
