At 09:23 AM 6/10/04 -0400, Greg Kopp wrote:
IMHO, I would not use blackholes.us in a business environment. If it's for your own use and you don't mind people you know getting rejected mail, then fine.
But if it is your intention to actually do business with people, and to have them send you e-mail, I would stay away from it.
Hmm, I use it in a business environment every day. However, I use it with SpamAssassin rules to add small amounts of points. I'm also intelligent about which of his lists I choose to use.
I tend to agree with you in that arbitrary use of blackholes.us is unwise, however if you truly understand what it is, and how it works, you can use it properly.
The maintainer has been known to arbitrarily list every single IP address belonging to some major ISPs because of past abuses.
True, but he also lists them in their own separate blacklists. And it's also the purpose of those lists to have the IPs of those ISPs in them.
It's not like there's one "blackholes.us" query that you use and it just lists every IP. You query "verio.blackholes.us" and it tells you if the IP belongs to verio.
It's hard to understand why this could be confusing to anyone. Blackholes.us isn't a "abusers" list per se.. It's a factual information listing. This IP routes to country xxx or to ISP yyy. Yes, most of the ISP and country lists are created because of spam problems, but the nature of the list itself is to be a blanket.
This is not an entirely bad practice. However, personaly experience has shown me that small businesses and even some larger businesses are not going to switch ISPs because they can't send YOU mail or because thier IP address is listed in blackholes.us because 100 years ago a few of those IPs were open relays.
True, which is why I wouldn't advise using any of these lists as block critera.
However, that ISP's tendency to have open relays 100 years ago resulted in the creation of a list for that ISP, true.
However, the IPs that ISP uses are still the IPs that the ISP uses. That fact doesn't change (although the exact IP blocks might). And the fact that the IP belongs to a given ISP is the criteria for why it's in the list.
For example, I don't see why verio hosted IP addresses should be removed from verio.blackholes.us. To do so would be a contradiction in fact.
However, I will agree that anyone who just arbitrarily grabs all the blackholes.us lists and uses them as bounce criteria on their MTA is quite frankly STUPID. Blackoles.us DOES blacklist entire ISPs and countries, because that's it' purpose, and you definitely need to understand that before applying their lists to your systems.
My own usage consists of giving 1.0-2.5 points for being listed in the IP ranges of certain countries my company has no business with and is unlikely to ever have business with.
This is a relatively sensible judicious use of blackholes.us in a business environment. I'm not using it as rejection system, nor are any of them sufficient to cause a message to be tagged as spam, but they are sufficient for my copy of SA to effectively have a lower spam threshold for emails coming from those countries.
And I do get some nonspam hits on the blackholes lists I'm using. Occasionaly someone from one of the countries posts a message to one of the mailing lists I subscribe to. However, I have yet to have them cause a false positive. They've contributed to a FP or two on this list, but the messages always had spam quotes which also contributed more points than any normal message would have.
However, they've saved me from quite a handful of emails that would have been FN.
The maintainer has also been rumored to block major ISPs simply because he doesn't like them.
Well, he creates lists because he doesn't like them, or there's a community outcry towards them. But he continues to list them because time does not change the fact that ISP X is still ISP X.
