So this is DNSBL that does the same thing as SPF - but you have to pay for it. Brilliant.
-- ME2 On Tue, Oct 28, 2008 at 10:47 PM, Michael Brummet <[EMAIL PROTECTED]> wrote: > Have any of you run into this? > > From http://zacharyozer.blogspot.com/ > > Tuesday, October 14, 2008 > > Biggest. Spam Scam. Ever. > > A few years ago, MIT purchased an anti-spam solution from Barracuda, a firm > specializing in network security products. > > I just received an email on one of The Tech's mailing lists about how email > from The Tech's mail server are being rejected by the Barracuda Spam > Filters. I've edited the message, but goes something like this: > > -------- Forwarded Message -------- > From: Mail Delivery System <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: Mail delivery failed: returning message to sender > Date: Mon, 1 Jan 2008 00:00:00 -0000 > > This message was created automatically by mail delivery software. > > A message that you sent could not be delivered to one or more of its > recipients. This is a permanent error. The following address(es) failed: > > [EMAIL PROTECTED] > SMTP error from remote mail server after RCPT TO:<[EMAIL PROTECTED]>: > host W92-130-BARRACUDA-3.mit.edu [18.7.21.224]: > 554 Service unavailable; Client host [18.187.1.1] blocked using Barracuda > Reputation; http://bbl.barracudacentral.com/q.cgi?ip=18.187.1.1 > > Following the link, you're taken to a page where you're asked to fill out a > form (which includes a CAPTCHA) in order to verify that you're not spamming > people. > > Were this where things had ended, I would have forgotten this whole thing. > While I don't necessarily think requiring people to fill out a quick form is > the best way to fight spam, its certainly not completely unreasonable to ask > them to do it once in a while. Extra kudos if they can use some sort of > certificate, signature, etc to bypass it. > > However, what follows is one of the most perverted uses of technology and > diabolically brilliant business plans I have ever witnessed. > > Lets assume you'd like to avoid being caught by this spam filter in the > future. Barracuda allows you to register with EmailReg.org , an > 'organization' which maintains a list of domains and the IP address of their > associated mail server. To sweeten the pot, they allow anyone to query their > database for free in order verify the authenticity of an email. > > Many of you are scratching your heads, so let me provide an example. Lets > say that you run Google.com. You register with EmailReg.org and tell them, > 'Any email that comes from google.com will have to come from one of our SMTP > servers. Their IP addresses are 1.2.3.4 and 9.8.7.6'. This means that an > email which claims to be from [EMAIL PROTECTED] that didn't come from those IP > address probably isn't actually from someone who works at Google and can > probably be marked as spam. (Note that identity verification is a big part > of spam protection, since spammers often pretend to be someone else, in an > attempt to hide how much mail they're sending.) > > What a great idea right? Spam protection that works and is transparent to > users? > > Until you realize that they charge $20 to register your domain. Per year. > > Effectively, this means that you have to pay $20 per year to send email to > people on domains that use this service to verify email authenticity. This > wouldn't be that big of a deal if EmailReg was the definitive source for > this information, or if they had some new and brilliant technology, or if > there weren't any other good solutions. Instead, EmailReg is nobody, their > product is a whitelist (albeit with two parameters – domain and IP), and > there are a hundred other, perfectly viable anti-spam techniques. Somehow, > they've managed to get a major corporation (Baracuda) on board and they're > now gouging people to send e-mail – something which is supposed to be free. > > I salute the businessman who came up with this idea and the salesman who got > Barracuda on board. > > Beyond that, I'm furious. > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
