On Sep 21, 2005, at 7:26 PM, email builder wrote:
We removed sorbs. I don't think it's even open for debate at the
current
point.
If places like hotmail mx's end up on the blacklist you *will*
have
upset
customers.
Yeah. It would be nice if there were a blacklist out there that took
the
best of all the others but refused to list things like hotmail for
those of
us who are in the situation of having users who expect connectivity
to
Hotmail and their ilk. Yes, it sucks, but this is what it is to have
paying
customers with friends who use MSN, etc, etc.
So, then, where should they draw that line? Let in hotmail, yahoo,
aol, verizon, and earthlink
yes. i don't think any administrator with paying customers to please
would
be happy if any of these were blacklisted.
I think you're wrong. I think it depends upon the customer base.
... but who not to whitelist?
the small guys. unfortunately, large ISPs like that have power in the
number
of users they have. in no way do I advocate defending that as a good
thing,
but the fact that this gives them an immense amount of power to do
whatever
they want regarding rfcs and whatnot remains a reality. smaller
services are
the only organizations who are going to actually be potentially moved
to
action by landing on one of these RBLs. when was the last time SORBS
managed
to change Hotmail's policies?
Has SORBS ever really changed anyones policies? That's certainly not
what I use RBL's for. I couldn't give a rats posterior about whether
or not some spammer changes careers, or some mail server changes
configurations, or some ISP changes their appropriate use policies.
And, what if
half of your user/customer base does NOT want you to white list aol
but
c'mon, when was the last time someone's user base was emailing their
support
staff begging for aol to be blacklisted? beside, this is what per-user
settings for something like SA are for.
If you're in a situation where users can have per-user settings. For
example, that doesn't work here.
Or, if that's how you're using your RBLs. People DO use rbls as block
lists, and people do use SORBS as a block list. It's hard to have
per-user settings for that.
does want you to whitelist hotmail ... while the other half of your
base is exactly the opposite? It isn't a solvable problem, IMO.
Everyone will want to draw the line differently, so there wont be an
easy solution of that nature.
But BLOCKING all mails from somewhere like Hotmail *IS* a decision that
someone has made which is not acceptable to we who support large user
bases.
But it's not their job to cater to YOUR user base decisions. That's
_your_ job.
So we have to make the opposite decision to only use those RBLs in SA
scoring. The baseline here is that you cannot outright ban whole large
services --
Actually, yes, I can. And I have, for some periods of time (only, in
my case, it was yahoo).
And SORBS can.
And, really, you can too, you just choose not to. But even if you
remove that from the argument, the point is, it's not the RBL's job to
cater to your policies. And if they were to try to cater to everyones
policies, they would be so conflicting that it would be pointless.
Which was my point for the above quoted sections.
And, it's not just that I don't think the RBL can do it, I don't think
that kind of thing is the job of the RBL. I think that kind of thing
is your job (or, in my case, it's my job).
What's our job? Banning all of Hotmail?
No. Your job is to tailor the tools you use so that they fit your
organization.
SORBS job is to provide a list of sites that fit a particular behavior.
If you want there to be exceptions to that list, then it is YOUR job to
make those exceptions, not theirs.
Our job is to avoid that - it's
obviously not workable at least for those in a position like the one
I've
described. So we have to stop using SORBS at the outset. And I'm
pretty sad
to do it, because so far it has been one of the best front-line
defenses
we've had. In general I think they are great, but this hotmail thing
is NOT
workable in our situation, and probably in many others
Or are you saying I should sit around all day and monitor
ever-changing lists
of potential spammer IPs and manually adjust our MTA white/black lists?
That's not exactly realistic, so I'm not sure what you are suggesting
(I
think I am about to find out...)
Do you not know what a cron job is? Here, re-read this next section
that you quoted ... it is performed by a script. I do no such manual
thing. I get an email every few hours that tells me what happened, I
scan it for references to networks that I am responsible for, and it
tells me "yes, I removed all of those networks from our copy of the RBL
zone". Then I put the zone into production on my own name servers, so
that I never see those sites showing up as RBL'ed.
Here at UCSC, we use spamhaus (both SBL and XBL). In order to make
sure my own users/customers don't get blacklisted, I have a cron job
that:
a) use rsync to get a local copy of the zones.
b) grep the files to notify me if any of my own addresses are listed,
so that I can follow up on why.
c) grep -v the files to remove any of those addresses from the zone.
d) takes the end result and puts it into a place where my name servers
will pick it up.
See. Automation at work. Computers are useful that way.
(I'm also trying to get this for SURBL and RFC-Ignorant, but SURBL is
taking some time, and RFC-I is unresponsive to my requests)
Don't get me wrong, I am fully supportive of the people taking their
time to
run those services (where would we be without them), but their general
lack
of responsiveness seems strange -- no matter which service it is, I
always
hear people say things about how non-responsive they are. Is it that
they
can't manage to parse through the number of insulting inquiries they
get from
the legit ones? Are these people that overworked? Seems like being
more
responsive, even if to just tell spam-friendly ISPs to take a hike,
would
give them more credibility. SPEWS seems to be the most common target
of this
criticism, but I've heard it for SORBS, etc too
Eh. It's the price you pay for using a free service. I don't mind
slow responses ... I do get a little annoyed by _no_ response, but
still ... I'm getting what I paid for.
If I wanted to be sure that hotmail didn't get in there, I would add
their to the grep -v expression (or pipe it through another layer of
grep -v). If a host gets listed that my users need to hear from, then
they can notify me, and I'll do the same there.
OK fine, but then you are taking over part of the RBL job.
No, I am specifically NOT taking over the RBL's job. The RBL's job is
not to cater to MY wishes. The RBL's job is to provide a list of sites
who break some rule that that RBL has set up. For RFCI, that's
breaking RFCs. For Spamhaus SBL, that's being a spammer. For Spamhaus
XBL, that's getting yourself onto a few other RBLs that Spamhaus
aggregates.
If, for example, RFCI were to make an exception for AOL (because, you
know, AOL doesn't read postmaster mail), then I would consider that to
be a lack of integrity on RFCI's part. It isn't RFCI's job to decide
whether or not I want AOL to be whitelisted. It is RFCI's job to list
_everyone_ who is breaking that set of RFCs. If they make exceptions,
then they aren't doing their job.
If I want AOL to be whitelisted (and, really, I don't), or if I have
some other set of exceptions I want thrown in, then it is MY job to
make sure that when I use RFCI, I make those exceptions. Pure and
simple. My mail servers, my job. Your mail servers, your job. Not
RFCI's job.
Alternately, you could create a set of rules that counter-weights the
spam assassin results for those RBL checks, if they happen to be IP
addresses you need to hear from.
I actually don't think it's much of a problem if such mails get tagged
as
spam. The user can then adjust their SA settings. The problem is
when the
mail can't get to the mailbox at all.
Ah, you see, in my environment, there's no difference there. We do
deliver all spam, but it seems that "users checking their spam folders"
is almost unheard of around here.
