At 1:53 PM -0400 5/31/03, Bill Cole wrote:
I really have not encountered that mentality in the operators of The One And Only RBL (i.e. MAPS) or in the operators of other widely used DNSBL's aside from SPEWS, SpamCop and NJABL.
Have you ever been added to MAPS?
Nope, but I have sat in an office at MAPS next to the person doing most of the RBL work at the time...
They added an entire class B address range for Flashcom DSL to the DUL while I was using Flashcom. All non-portable, many with rDNS entries. Getting them to treat me as anything but a scummy spammer was difficult. I discussed it on this list here: http://mail.stalker.com/Lists/SIMS/Message/10242.html
I'm actually somewhat familiar with that case, and I know for a fact that Flashcom, incompetents that they were, asked for that listing.
Not allowed it, not ignored it, ASKED FOR IT. The MAPS policy at the time was to believe what the registered owners of address space told them in regards to suitability for the DUL.
(I have the right to call Flashcom incompetents because of my direct experience with them as a customer. They deserved to die as they did.)
This lousy experience with the so-called professionals kept me from using any RBLs for the next 3 years. I don't know if it's typical, but it wasn't inspiring, especially given the hit rate in our 2000 MAPs RBL test (0 spam and 2 legit mail stopped. No batting average calculated, div by zero error).
I'm not terribly surprised. The RBL hasn't caught a significant fraction of the net's spam since about 1998. It is my opinion (as a former MAPS employee but NOT someone ever directly involved with the management of the lists) that the RBL really lost its way when they started focusing excessively on 'high end' spammers who send a lot of mail people really want in addition to the spam. That's what drew the lawsuits and what caused some of the more significant users of the RBL to drop it. It seems to have not occured to the people running the RBL that any mail server operator can shun DoubleClick and Real and Exactis and Responsys locally without the help of a DNSBL, but that some people really do ask for the mail those spammers send.
In the last few months, we've started using some of (what we hope are) the less-badly run lists, but I am still highly skeptical. Currently we catch a dozen or so a day, 75% for a single user who is not careful with his address. No false positives yet, which is an improvement.
My current list is sbl.spamhaus.org "See http://spamchaus.org"; cn-kr.blackholes.us "See http://blackholes.us"; russia.blackholes.us "See http://blackholes.us"; nigeria.blackholes.us "See http://blackholes.us"; dialups.relays.osirusoft.com "See http://relays.osirusoft.com"; socks.relays.osirusoft.com "See http://relays.osirusoft.com";
I thought the osirusoft.com lists were spews free, but if anyone thinks they're trouble and has other dialup/socks BLs that they think are well run, I'd be willing to entertain them.
Those sub-lists are not infected with SPEWS.
I'd also suggest the Blitzed open proxy monitor list. The DNS root and the website are at opm.blitzed.org. It has the advantage of being based on solid evidence of listed proxies being abused, either for spam or for IRC misbehavior.
I am much more interested in a well-run list than a list that is comprehensive but insane.
Every bit of evidence I have is that the Easynet (formerly Wirehub) list is one such. See http://blackholes.easynet.nl
-- Bill Cole [EMAIL PROTECTED]
############################################################# This message is sent to you because you are subscribed to the mailing list <[EMAIL PROTECTED]>. To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
