>I wonder why so many spam_IP list should be kept, rather than probably
>less legit_IP.
>
>If each postmaster could share its legitimate lists

the proposed protocols SPF/DMP allow domain admins to whitelist the IPs that will send the mail outbound. This avoids any centralized database.

>, we might have
>reduced database, attacks to servers who "don't exclude" would not
>occur, and to apply hard rules would be easier.

I don't think centralized public databases are a good idea, e.g., the DoS attacks on RBL servers, etc, etc.

>This doesn't mean to desert blacklist, but rather to start with a
>alternatives lists.

these things only work if enough MXs participate, and "enough" in Internet terms is many 1000's, even 10's of 1000's. That's why the RBL servers are effective, they are widely used.

>One more remark: if 'legitimates' know they belong to the "big white
>list", will do their best not to be excluded, and the postmaster will
>not be forced to become a sort of policeman.

the SPF/DMP protocols are a much better approach for many reasons, but they aren't getting much recognition, afaics.

Apparently, all the big ISPs are trying to co-ordinate a common approach, have been trying for 6 months or so. If they would all agree to do SPF/DMP, then the horrendous levels of forgeries of their helo hostnames and sender.domains would decrease to insignificance.

The problem that we have is that email is critically important to millions of people and companies, and nobody can/will do much to co-operate to fight spam, because someone, most probably an American entity + ambulance chaser, will sue them silly. And companies like MS, yahoo, AOL, earthlink have billions of $$$ worth going after. So I expect anything out of that group will be a) weak/ineffective b) very long in coming c) effective only for them.

These ideas have led me to the "credentials" concept, but even there, just the IMGate admins don't demand credentials because not enough of Internet does, so the IMGate credentials group refuses legit mail from un-credential senders while other MXs accept it. If we all refused non-credentialled senders, then those senders would have to get themselves credentialled or get out of the email-sending business (always a good idea. People seem to think sending email to Internet MXs is an inalienable, universal right of all humans, like having babies).

Len
