I'm going to start with a little example that got me fired up today. I sent a copy of some posts today to the author of the posts to which I was responding. I got back a bounce, the relevant part of which was:
> message that you sent could not be delivered to one or more of its
> recipients. This is a permanent error. The following address(es) failed:
>
>   [EMAIL PROTECTED]
>     SMTP error from remote mail server after MAIL
>     FROM:<[EMAIL PROTECTED]> SIZE=16702:
>     host mx.kolumbus.fi [193.229.5.160]: 550 Your IP address
>     [69.93.71.146] is blocked (listed in l1.spews.dnsbl.sorbs.net).
>     Please contact your own ISP.

It appears that kolumbus.fi, or the domain host for kolumbus.fi, whoever is operating the mail server, is using the SPEWS DNS blacklist database, which is echoed as a convenience by SORBS. SORBS does not endorse this blacklist, and it appears that SPEWS is, shall we say, controversial in the antispam world, largely because one must apparently jump through hoops to get removed, even if one has never spammed at all.

I did a search covering 143 DNSBLs. The only blacklist which listed my IP address (which is the address of one of my domain host servers) was SPEWS. If SPEWS had been directly used according to SPEWS instructions, I would have received specific instructions as to how to deal with the blacklisting. But kolumbus.fi is not using SPEWS directly, it is using the SORBS echo, which SORBS says it provides as a convenience. I did a search on SORBS itself and did not find any blacklisting for my domain. In order to find the actual blacklist entry, I had to do a fair amount of research just to find SPEWS and to directly look up the domain there.

It appears that some domain hosted by my host may have spammed somebody, or may have been incorrectly reported as spamming somebody, possibly several years ago. The blacklist information is not dated; but the report on the owner of the offending domain was a listing that expired a year ago. This is apparently very old data. And that is one of the complaints about SPEWS: once on the list, you have to go through a process, reported as harrowing by some, to prove you are not a spammer.
Given that most mail service providers are not using the SPEWS list, since there are much better and safer ones, the occurrence of a problem would be rare, and thus I can infer that my domain host tech support may not even be aware of the continued listing, or they did not judge it worthwhile spending the effort to clear it. After all, they didn't necessarily do anything wrong; they may have had other reports regarding the alleged spammer and may have dumped him a long time ago.

I could complain to my domain host. However, frankly, it isn't worth the effort for me to do even that; I am far more concerned about process.

DNS blacklists are examples of *part* of how a Free Association of internet users would deal with spam. However, how the blacklist is operated is crucial; for such blacklists can easily do more harm than good. More accurately, they multiply the harm done by a spammer far beyond the initial impact of the spam.

The argument behind this is that users whose mail gets blocked will complain to their service provider, forcing the service provider to dump the spammer. Indeed, so far so good. However, note that *many* innocent people may be dragged into the "war" against one spammer. (And sometimes it wasn't spam at all, perhaps somebody forgot that they subscribed -- or their wife subscribed -- to a mailing list that only occasionally mails. And that someone complained or took action.)

Personally, I asked my domain host to shut off their default DNSBL filter. The reason is that it had too many false positives, too many innocent users trying to contact our business; we don't want that to happen to anyone, much less an existing customer. So, instead of having our host prefilter our mail by checking the blacklists, which will catch about 90% of spam, I use Mailwasher, together with the blacklists, to filter the mail myself. It takes a minute or two a day.
I scan down a display of From: and Subject: headers, and it is quite obvious, most of the time, what is spam and what is not. And if somehow I overlook a legitimate mail in the spam haystack (might happen some of the time), our order-taker also filters independently the same mail, and, further, if the user's mail is dumped because both of us missed it, they aren't permanently blacklisted, the next time they write they have just as much chance to get through. Since I started this system, actually, I don't think we have deleted a single legitimate mail. But we might have. Once we identify a legitimate sender, that sender goes on our Friends list, and will always get through from now on. Note that with DNSBLs, there is no way to use a Friends list except if the host provides the service, which is rare, I think.

What could be done better? Well, imagine that a user organization develops a program that functions through forwarding spam, with full headers, to a single address. At that address is a tool which analyzes received mail using a sophisticated spam tagger. I won't go into all the facilities at that address, devices to make the identification of an actual piece of spam and its actual source (not the spoofed source, frequently a completely innocent user), but rather at the user organization which will support it. Users who report spam to the list will be identified as legitimate through the DP network, which, we should remember, functions in both directions. Essentially to join this part of the organization, somebody actually talks to you on the phone.... the labor of this is widely distributed, and it serves other purposes as well, so it would not be a burden.

There are two modes in which this would function. The first is under present conditions, where there is a lot of spam. Under those conditions, most people, even members, might ignore most spam most of the time.
Only those who have enough time or who are fired up by the outrageousness of a particular fraud attempt would actually take the time to forward it. Still, if the org is very large, spam would be *quickly* reported. And a source IP will be what I call greylisted. Mail from that domain would be, through service providers who use the service, shunted aside and specially analyzed for spam characteristics before being allowed to pass through to the users. If necessary, a domain would be blacklisted, for automatic rejection, but this can cause substantial collateral damage....

If a domain *is* blacklisted, the service provider would have an *easy* way to confirm that they have cut off the spammer at the source. Ease of use is critical at all stages. The idea is to collect the intelligence and labor of many people, just a little from each.

Setting this up and sorting it all out would take a kind of organization that largely does not exist. The existing blacklists are what relatively isolated groups of motivated individuals can do, but those actions are quite limited. There has not been any news on the SPEWS home page for years. SPEWS is set up to require more than just a little work from a few people; it thus depends on just a few, and those few may not actually represent the welfare of the whole body of users.

I am fully aware that DNSBLs are free creations, that they have no power to stop spam by themselves; rather the actual stopping is done by domain hosts, according to their own decisions. However, some DNSBLs have, with this argument, abdicated all responsibility for what they do and the effect it can have on innocent users of email.

If anyone is further interested in this particular question, I'd suggest looking at http://www.dslreports.com/shownews/37511

Spam and phishing and the Nigeria scam are public offenses, they take place in the commons.
I mentioned above that the spam solution I'm recommending would function in two modes, the first being under present conditions where there is a lot of spam. I think that this solution would cut down drastically on the amount of spam being delivered, for the blacklisting process would be reliable by design, and there would be the intelligence of many thousands of knowledgeable people behind it (my design is merely a suggestion, one possibility).

The second mode would phase into existence as the first mode cuts back on spam to the point where successful spams, for the average user, become a manageable trickle rather than the present torrent that exists for anyone who doesn't have their mail prefiltered automatically.

When spam becomes relatively rare, it will be reported much more quickly. If there are millions of members of the organization, a mass mailing may only reach a few thousand before somebody trusted reports it. Spam will start to be cut off within the first few messages sent (compared to the total). It will become quite uneconomical, since spamming generally results in the loss of domain privileges, and that costs money. Or uses a fraudulent credit card, a whole other problem that also needs mass support to be thoroughly solved. At the very least it takes human work to get through sophisticated domain hosts' processes. You can't just set a bot on it.

(And, with millions of people supporting the effort, donations will be quite adequate, with nobody breaking a sweat, to hire programmers and other necessary workers to make the system work efficiently.) Essentially, the user organization will be bigger and smarter than any of the spammers, for, being DP, it will be functioning as a superconscious intelligence. We might call it the wisdom of crowds on steroids....

----
election-methods mailing list - see http://electorama.com/em for list info
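Added example (not part of the original post): the DNSBL check behind the bounce quoted above, together with the Friends-list-first triage the post describes, in which a listing sends mail to human review instead of rejecting it. The `example.*` zones, the sample addresses and the stubbed lookup table are constructed so the code runs offline.

```python
import ipaddress
import re
import socket

# The 550 line from the bounce quoted in the post.
BOUNCE = ("550 Your IP address [69.93.71.146] is blocked "
          "(listed in l1.spews.dnsbl.sorbs.net).")

# Constructed sample data: the example.* zones and the address are placeholders.
ZONES = ["l1.spews.dnsbl.sorbs.net", "dnsbl.example.org", "bl.example.net"]
FRIENDS = {"customer@example.com"}
LISTED = {"146.71.93.69.l1.spews.dnsbl.sorbs.net"}  # stands in for DNS answers


def parse_rejection(line):
    """Extract (blocked IP, DNSBL zone) from a DNSBL-style 550 rejection."""
    m = re.search(r"\[([0-9.]+)\].*listed in ([A-Za-z0-9.-]+)\)", line)
    if not m:
        return None
    return str(ipaddress.IPv4Address(m.group(1))), m.group(2)


def dnsbl_name(ip, zone):
    """Query name for an IPv4 address: octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def stub_listed(name):
    """Offline stand-in for the DNS lookup, backed by LISTED."""
    return name in LISTED


def dns_listed(name):
    """Live check: a listed address resolves to an A record in 127.0.0.0/8."""
    try:
        return socket.gethostbyname(name).startswith("127.")
    except socket.gaierror:
        return False


def triage(sender, ip, zones=ZONES, friends=FRIENDS, is_listed=stub_listed):
    """Friends always pass; a listing sends mail to review, never rejects it."""
    if sender.lower() in friends:
        return "deliver", []
    hits = [z for z in zones if is_listed(dnsbl_name(ip, z))]
    return ("review" if hits else "deliver"), hits


if __name__ == "__main__":
    ip, zone = parse_rejection(BOUNCE)
    print(dnsbl_name(ip, zone), triage("stranger@example.net", ip))
```

Pass `is_listed=dns_listed` to `triage` to query the lists over DNS instead of the stub.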
