Another point to this good list is: Without blacklists such as the SBL we would no longer have email today. That's not sensationalism, it's fact.
Two main reasons:
1. Spam overwhelms servers incoming.
2. Spam overwhelms servers outgoing.

Thank you,
Gadi.

On Sun, 2 Dec 2007, Rich Kulawiec wrote:
> On Wed, Nov 28, 2007 at 05:14:05PM -0800, Lynda wrote:
>> Yeah, no surprise from me. Personally, I don't much care for blacklists.
>> I find them a bit heavy handed, and I think they aren't effective.
>
> Well...if I may, let me mumble about a few things. ('Cause it beats
> going for a run in the sleet. ;-) )
>
> First, nobody would go through the trouble of compiling a blacklist
> if there weren't motivation for doing so. The fact that so many people
> have done so (there are 500-1000 public blacklists plus an unknown but
> likely very much larger number of private ones) indicates that said
> motivation really does exist. See below for why.
>
> Second, some of them are quite accurate. The Spamhaus "Zen" DNSBL
> zone, for example, is very good, as are the zones maintained by NJABL
> and DSBL, and most of the zones run by SORBS. On the other hand,
> the zones run by APEWS are of poor quality. And "effectiveness" is
> a hard thing to measure globally because everyone's spam/not-spam mix
> is different. I'll go so far as to say it's impossible to measure
> globally, not only because it can't be reduced to a single number or set
> of numbers, but because part of measuring "effectiveness" has to
> do with measuring how well it implements policy -- and policies
> vary widely.
>
> Third, use of blacklists (for blocking, as opposed to for scoring) is
> one of the most resource-frugal ways to stop spam. After all: why should
> I expend my bandwidth, my memory, my CPU, etc. accepting the entire body
> of a mail message and then analyzing it...when it is already known
> (by virtue of the connecting IP address) that it originates with
> a spammer? It's not *my* problem to sort whether it's spam or not:
> if it's from a spammer, then I don't want it, no matter what it is.
>
> Fourth, if an IP address is emitting spam, then at least one of these
> two things is true:
>
>     1. It is broken (e.g., open SMTP relay).
>     2. It is 0wned by spammers.
>
> I see no reason to accept mail from broken or 0wned systems. It is
> the responsibility of their caretakers to either (1) fix them or
> (2) un-0wn them. Those who can't or won't do this are a menace to the
> rest of the Internet. (I could say the same thing about IP addresses
> emitting viruses, or participating in DoS attacks, or other abuse.
> We're all responsible for making sure that everything we run is not
> an operational hazard to the rest of the Internet. Or, "don't build
> it if you can't run it properly".)
>
> Fifth, I suppose I have this view in part because of my views on
> proper network operation. To illustrate using a header fragment
> from a spam sample that arrived this morning:
>
>     Received: from adsl-67-126-134-137.dsl.irvnca.pacbell.net
>         (adsl-67-126-134-137.dsl.irvnca.pacbell.net [67.126.134.137])
>
> Whose spam is that? It's Pacbell's. It came from THEIR network,
> on THEIR watch, and THEY allowed it to get out. Therefore they
> have responsibility for it. (Oh, I'm not letting the owner of
> the compromised system off the hook, nor am I letting the spammer
> off either. They're also responsible.) But were Pacbell staff
> doing their jobs properly, then I would not have received this, neither
> would a *lot* of other people, and thus we would not find:
>
>     *.dsl.irvnca.pacbell.net
>
> in quite a few blacklists, because it wouldn't be necessary. But it's
> there, and it's there because of the long-term incompetence and
> negligence of Pacbell.
>
>     s/Pacbell/Comcast/
>     s/Pacbell/Verizon/
>     s/Pacbell/just about every other ISP/
>
> Pacbell has no right to complain about this, of course: it's their
> own fault. And Pacbell customers impacted by it need to take 100% of
> their complaints solely to Pacbell, again, because it's Pacbell's fault.
>
> To put it another way: it is everyone's job to control abuse outbound
> from their operation, or supported by their operation (i.e., DNS provided
> to spammers, web site hosting for spyware, etc.). Anyone who can't
> do that simply isn't good enough to operate any portion of the Internet.
>
> Of course, this isn't how things actually work. Apparently my view is
> an archaic relic of .ARPA days, when "allowing your network to be a
> problem for others" implied "you will soon have your connection yanked".
> So -- because nobody's going to yank Pacbell's, or Verizon's, or Comcast's
> connection(s) any time soon, one of the few available methods for achieving
> an equivalent result is pervasive blacklisting. To put it another
> way, we can't remove them from the Internet, but we can certainly
> remove the Internet from them, albeit one piece at a time.
>
> The bottom line is that many of the problems we currently face could be
> mitigated in large part by selectively blacklisting problem hosts/networks
> and refusing to un-blacklist them until they're fixed. Yes, that's
> draconian and inflexible, but (a) it works, because it forces the cost
> of fixing the problem back on the entity responsible for it and
> (b) nothing else works.
>
>     "If you give people the means to hurt you, and they do it, and
>     you take no action except to continue giving them the means to
>     hurt you, and they take no action except to keep hurting you,
>     then one of the ways you can describe the situation is "it isn't
>     scaling well".
>         --- Paul Vixie on NANOG
>
> ---Rsk
>
> _______________________________________________
> Nanog-futures mailing list
> Nanog-futures@nanog.org
> http://mailman.nanog.org/mailman/listinfo/nanog-futures
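
Added example, not part of the original thread or any poster's code: the connect-time blocking check described in the quoted third point, applied to the Received fragment quoted above. The stub resolver data is constructed, and failing open on answers outside 127.0.0.x is an assumed policy.

```python
import ipaddress
import re
import socket

# Received fragment quoted in the message above.
RECEIVED = ("Received: from adsl-67-126-134-137.dsl.irvnca.pacbell.net "
            "(adsl-67-126-134-137.dsl.irvnca.pacbell.net [67.126.134.137])")

def connecting_ip(received):
    """Return the bracketed IPv4 address recorded by the receiving MTA, or None."""
    m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received)
    try:
        return str(ipaddress.IPv4Address(m.group(1))) if m else None
    except ValueError:  # e.g. an octet above 255
        return None

def dnsbl_name(ip, zone="zen.spamhaus.org"):
    """DNSBL query name: the IPv4 octets reversed, followed by the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def system_resolve(name):
    """A-record lookup via the system resolver; empty list if nothing came back."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror:
        return []

def smtp_decision(ip, resolve=system_resolve, zone="zen.spamhaus.org"):
    """Connect-time policy: (SMTP code, text) chosen before any body is read."""
    answers = resolve(dnsbl_name(ip, zone))
    listed = [a for a in answers if a.startswith("127.0.0.")]
    if listed:
        return 554, f"5.7.1 {ip} listed in {zone} ({', '.join(listed)})"
    if answers:
        # Assumed policy: answers outside 127.0.0.x are lookup errors, so fail open.
        return 220, "DNSBL lookup inconclusive; accepting"
    return 220, "not listed; accepting"

# Constructed resolver data so the example runs offline; it is not a claim
# about the real listing status of any address.
STUB = {"137.134.126.67.zen.spamhaus.org": ["127.0.0.11"]}

def stub_resolve(name):
    return STUB.get(name, [])

if __name__ == "__main__":
    ip = connecting_ip(RECEIVED)
    print(dnsbl_name(ip), smtp_decision(ip, stub_resolve))
```

The decision needs one DNS query and no message data, which is the resource argument made in the quoted text; swap `stub_resolve` for `system_resolve` to query a real zone.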