This has been suggested in the past; however, I forgot the reason for not
doing so.  Personally, if someone is spamming, I do not care about the
source.  I would want it to stop.  IP blocking is dangerous, and content
often seems the most effective method of blocking spam.  If the blocks are
based on content rather than IP, it does not matter who is sending it
because it should be blocked because it appears to be spam.  If it is
blocked based on IP, the potential for false positives increases greatly as
soon as people become overzealous.

Jonathan Hickman

----- Original Message ----- 
From: "Andy Schmidt" <[EMAIL PROTECTED]>
To: "Message Sniffer Community" <[email protected]>
Sent: Tuesday, April 03, 2007 12:40 PM
Subject: [sniffer] Re: How to incorporate a white list?


> Hi,
>
> Unless I'm mistaken, rule 1370762 was targeting the same address range.
>
> If I may make a suggestion:
> Before the spam-trap robots are allowed to block major, well-known and
> easily recognizable email providers, how about the robot script pulls a
> WHOIS and a Reverse DNS and runs that data against a table of "can't block"
> entities - or at least spits those out for "human review".
>
> If that can't be done, then how about the robots issue an hourly report of
> "suspect" IPs. A no-brainer script can pull matching WHOIS and RevDNS for
> quick human review and overriding (if necessary).
>
> I would rather those obvious bad rules are caught before or very quickly
> after they go live. There is always some delay before I get first reports
> until I realize that this is a "real" problem. Then I have to try to get
> headers from end-users before I can dig into logs... Hours and hours pass
> (especially if it's overnight events). In the meantime the problem escalates
> all around me.
>
> Thanks,
> Andy
>
> -----Original Message-----
> From: Message Sniffer Community [mailto:[EMAIL PROTECTED] On Behalf
> Of Pete McNeil
> Sent: Tuesday, April 03, 2007 11:09 AM
> To: Message Sniffer Community
> Subject: [sniffer] Re: How to incorporate a white list?
>
> Hello Andy,
>
> Tuesday, April 3, 2007, 9:36:17 AM, you wrote:
>
> > Hi Phil,
>
> > Yes, it seems as if some Sniffer rules, e.g., 1367683, is broadly targeting
> > Google's IPs.
>
> > I've submitted 3 false positive reports since last night, at least two of
> > them were Google users, one located in the U.S. and the other in the
> > Netherlands!
>
> This IP rule has been pulled.
>
> FP processing will happen shortly.
>
> _M
>
>
>
> #############################################################
> This message is sent to you because you are subscribed to
>   the mailing list <[email protected]>.
> To unsubscribe, E-mail to: <[EMAIL PROTECTED]>
> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]>
> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]>
> Send administrative queries to  <[EMAIL PROTECTED]>
>
>
>
>
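The pre-publication check suggested in the quoted message (WHOIS plus reverse DNS run against a "can't block" table), sketched as an added example; it is not code from this thread or from Message Sniffer. The table entries, lookup data and function names are constructed, the dictionaries stand in for live WHOIS and DNS queries, and confirming the PTR name with a forward lookup and holding IPs with no data are assumptions of this sketch.

```python
import ipaddress

# Hypothetical "can't block" table (constructed values).
PROTECTED_ORGS = {"example mail inc"}
PROTECTED_RDNS_SUFFIXES = (".mail.example.com",)

# Constructed lookup data standing in for live WHOIS / DNS queries.
WHOIS = {"192.0.2.0/24": "Example Mail Inc", "203.0.113.0/24": "Bulk Host LLC"}
PTR = {"192.0.2.10": "out-10.mail.example.com",
       "203.0.113.5": "out-5.mail.example.com"}  # PTR set by the IP owner
A = {"out-10.mail.example.com": {"192.0.2.10"},
     "out-5.mail.example.com": {"192.0.2.5"}}

def whois_org(ip):
    """Return the registered organisation for the range containing ip."""
    addr = ipaddress.ip_address(ip)
    for net, org in WHOIS.items():
        if addr in ipaddress.ip_network(net):
            return org
    return None

def confirmed_rdns(ip):
    """Return the PTR name only if it resolves forward to the same IP.

    A PTR record is controlled by whoever holds the address, so an
    unconfirmed name must not be trusted to grant protected status.
    """
    name = PTR.get(ip)
    if name and ip in A.get(name, set()):
        return name.lower().rstrip(".")
    return None

def gate_ip_rule(ip):
    """Decide whether a robot-generated IP rule may go live unattended."""
    reasons = []
    org = whois_org(ip)
    if org and org.strip().lower() in PROTECTED_ORGS:
        reasons.append(f"WHOIS org '{org}' is on the can't-block table")
    name = confirmed_rdns(ip)
    if name and name.endswith(PROTECTED_RDNS_SUFFIXES):
        reasons.append(f"rDNS '{name}' matches a protected provider")
    if org is None and ip not in PTR:
        # Design choice of this sketch: no data means a human decides.
        reasons.append("no WHOIS or rDNS data; cannot rule out a provider")
    return ("human_review", reasons) if reasons else ("publish", [])
```
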


