On Sunday, August 31, 2003, at 12:33 AM, Dave Pooser wrote:
<snip> (Today, for instance, it blocked 5029; cbl.abuseat.org blocked 3224-- thanks, Bill Cole, for introducing that list to us; sbl.spamhaus.org hit 3002; dialups.visi.com hit 121; and opm.blitzed.org hit 14.) <snip>
I like to at least read what the RBL has to say about its listing criteria and how things can be delisted before I add it to my RBL list. So when I go to cbl.abuseat.org I see that they specifically don't describe their listing criteria.
Anyone know what the philosophy of that person/group is? How safe from collateral damage would I be if I used it?
I know of many sites using it. I know of no collateral damage at all. I don't have much I can say about its ultimate authorities or its specific criteria, but from what I can see, it is very true to the claim on the website:
only lists IPs exhibiting characteristics which are specific to open
proxies of various sorts (HTTP, socks, AnalogX, wingate etc) which
have been abused to send spam, worms/viruses that do their own
direct mail transmission, or some types of trojan-horse or "stealth"
spamware, without doing open proxy tests of any kind.

The CBL operates in an entirely automated way designed to avoid listings
of spamtrap hits due to bounces of forged spam, virus bounces, and "real"
mail servers emitting the occasional spam. It tries very hard to avoid
listing legitimate mail sources. It does not attempt to list every
possible spam source.

I've watched what it blocks very carefully on my own server, and I see some behavior patterns in those machines which MAY be the basis of the CBL. If you run your SIMS server at full logging you can probably figure out those patterns by taking the spam that gets through, looking for cases of SBL-listed sources, and checking the logs for idiosyncrasies. I am reluctant to discuss what I see in detail because I'd much rather the spammers (who definitely read the archives of this list) not have an easy way to sidestep the CBL. I will say that some of what I can see that correlates to CBL listing can never be truly legitimate, is not done by any real MTA or MUA that I've seen, and would be easy for the spammers to stop doing if they knew it was being used to fingerprint them.
As to exactly who is behind the CBL, I have a bit of trouble with that. I can say for sure that abuseat.org is registered and run by Steve and Laura Atkins. Having worked directly with Laura and indirectly with Steve and having witnessed their extremely sane and calmly diligent work against spam over the past few years, I am personally willing to trust that whoever they are providing facilities to for the CBL must be trustworthy. I feel certain that at first sign of any 'collateral damage' that was in any way avoidable, Laura would have the wirecutters out. (In case the names are not familiar, Steve also runs SamSpade.org, they both run a mail policy consulting practice, and Laura is currently ED of the SpamCon foundation.)
As for removal policy, the website says that there will be a simple automated removal system but there does not in fact seem to be one anywhere visible. On the other hand, the address [EMAIL PROTECTED] is given as a contact address, so presumably there's someone reading that and willing to delist addresses for the asking.
--
Bill Cole [EMAIL PROTECTED]
