On Friday, June 4, 2004, 4:24:46 AM, Carl Friend wrote: > The operative question here is: "Do you trust the RBL admins' > judgement implicitly?" The obvious answer, unless you know them > personally, should be "no". Are you willing to risk dropping > perfectly legitimate mail?
One interesting solution that my local ISP sonic.net has implemented is per-user configuration of RBLs. I forget how they do it , but I think it's through SpamAssassin. Each user can select which RBLs they would like their mail processed with, and there's a fairly conservative default set. That goes along with some nice graymail, SA, etc. settings, all controlled through web interfaces. > Hint: The "noise level" for most admins at ISPs is such that > they may never even _see_ what caused a rejection unless a user > complains (and loudly, at that). Depends on the ISP and the user. An alert user will see the delivery failure notification with informative message and ask the RBL or local ISP to address it. > Too, some RBLs are deliberately > over-broad, make no bones about it, and are impossible to get out > of. "Prove you're not a spammer", they say. To be fair, there are some responsible RBLs that do de-list, and it is possible to allow an ISP abuse manager to declare that a problem has stopped. If it hasn't, then that manager or ISP becomes suspect. As an outside observer, SpamHaus' policies on this seem generally workable to me, for example: http://www.spamhaus.org/sbl/sbl-rationale.html > De-listing Criteria > > IPs are removed immediately from the SBL upon receipt of > notification from the IP owner (Internet Service Provider) that > the spamming activity has been terminated. In the case of known > spam gangs however, where listings are often made preemptively > based on the gangs past performance and history, an SBL listing > will normally remain in place until the gang has been > completely removed from the ISPs' network. > > Where we have a proven working relationship with any Internet > Service Provider, the SBL team implicitly trusts the Internet > Service Provider's Abuse Manager and will normally remove > listings on the Abuse Manager's word. Strictly speaking the abuse manager's declaration is not proof, but the real proof is in the behavior. If the spam stops, that's proof... Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/
