On 12/28/2010 2:44 PM, João Gouveia wrote:
----- "Ted Mittelstaedt"<t...@ipinc.net> wrote:
On 12/28/2010 12:14 PM, Warren Togami Jr. wrote:
Folks here are missing the point, that NJABL is catching not much of
anything, like less than 1% of spam, and with a relatively high FP
ratio. I don't understand this desire to keep such a poor performing
rule, especially when it costs a network query.
Warren let me give you a bit of political education.
When you go to www.njabl.org you get a nice folksy
explanation of what a blacklist is, how to get on it and how to get off
of it, and when you go to www.mailspike.net you get nothing other than
a fancy graphics page of a map of the world.
I think you may be overreacting a bit Ted.
You are right that information is scarce (there's lots of stuff missing and
some sections aren't completed yet), but there's at least *some* information.
Not just fancy graphics. Have you checked
http://mailspike.org/anubis/about_data.html?
I looked at all pages linked off the main page. I did see that page.
-I- understood the site at once - but then again I'm the administrator
so I wouldn't be very competent if I didn't. The issue is what
would end users understand.
The issue with blacklists is such, I have a customer, I block that
customer's inbound e-mail because of a blacklist, I get a FP and now
my customer demands an explanation of why I blocked it.
Clearly something we need to improve, like most of the stuff that's still
missing on the site.
I can point my customer to njabl.org and say "that site blocked it"
and my customer can then point his correspondent to njabl.org and
that correspondent can then point their boneheaded system admin to
njabl.org with a demand that said boneheaded system admin fix whatever
the problem is that is getting them listed.
In other words, sites like njabl.org help me, as the spam-blocking
system admin, shift the blame for a FP from me, to the actual
responsible party, ie: the system admin who is running the open
mailserver that sent the spam to my server in the first place.
But, sites like mailspike.net, because they are so stripped down,
actually do the reverse - they help concentrate the blame for the
FP on me, because they provide no support whatsoever for anyone using
them.
This is not true Ted.
Delist requests can be issued via the web site, and we do answer (on a best
effort basis) to support requests via the email address on the site.
There is no button saying "delist". Perhaps that comes up if you
put in a compromised IP address in the Lookup but I didn't have
one that I could try.
I do not deny mailspike.net is probably far better a bl than njabl.
I've used njabl for years and 8 years ago it was great but today its
admin obviously has not bothered to keep up with maintenance on it.
But mailspike.net doesn't even have a list of criteria of how to
get off of it, and looking at their site you don't even really know
what the hell it is. If I were to tell a customer I blocked their
mail due to mailspike.net they would think I'm an idiot when they
went to that site to see what mailspike.net actually is.
Well.. the web site clearly needs to be improved. But the information is there,
even if it's not always obvious (depending on who is reading it).
This is yet another example, of which there are a plethora, in the
computer industry where a superior product or service, because it comes
in a plain brown wrapper, fails to obtain market share while an
inferior product or service, because it's slicked up, retains and gains
market share.
Apple Computer Company mastered this product marketing ages ago
when they slicked up FreeBSD & Next code, then came out with MacOS X
that is years behind current FreeBSD with its internals. But clearly
some people, like the owners of mailspike.net, haven't got the message.
Again, a bit harsh, but I see your point.
We shall improve the web site whenever possible.
As everything free (and we would like to keep it that way), it's kind of
subject to time+effort constraints, and typically we prefer to make use of that
improving the efficiency of the list, and not so much working on the web site..
That is perfectly understandable and it is the normal attitude of most
people creating public sites like this (as well as open source software)
The problem is that my experience is the vast majority of FP's are
legitimate e-mails coming from corporations.
The usual thing seems to be that company X buys themselves a MS
Exchange server, then puts that and 30 or so Windows PC's behind
a linksys or netgear little cable/dsl router that is running NAT.
The exchange server and all PCs on the network then appear to
the rest of the world to have the same IP address. The admin
is just competent enough to stumble around with some how-to
guides and with linksys and Microsoft tech support to port-forward port
25 from the outside of the router to his Exchange server but that is
about it.
Everything works great for 3 months then one day some air-head
employee plugs a laptop or something infected with a spam virus
into the company network. A few hours later their PC has transmitted
100,000 spams and is listed in all of the blacklists on the
Internet, including yours.
Of course what is really listed is the outside IP address of the
company's router, not the real private address used by the offending
laptop.
Then someone in the company sends a mail to one of my customers. It
goes from their exchange server out through their router then to my
Unix server. My server sees it coming from a blacklisted IP address
and marks it spam. My customer then gets it and has a rule or whatever
in their Thunderbird or Outlook e-mail client that just deletes anything
that my server marks as spam. So my customer doesn't get the mail message.
A few days later their friend at the compromised company calls them
all pissed off that they didn't respond back. Then my customer calls
me and starts pissing in my ear about my shitty mailserver that deletes
mail and is costing them thousands of dollars. I dig through my logs
and find the message from their correspondent at the compromised
company and I find that SA marked it spam because of some blacklist on
the Internet.
At this point it is critical that I point the blame where it belongs,
on the correspondent at the compromised network. If I can convince my
customer that their correspondent's network was fucked up and that
is why the mail from them is getting blacklisted, then they can go
back to their pissed off friend at the compromised company and tell
them to pound sand, that it's their problem. That pissed off friend
will then go piss in their own administrator's ear about the problem and
that barely-competent-to-screw-in-a-light-bulb administrator will
then be motivated to pick up the clue phone and do something about the
compromised laptop on his network that is spewing spam and causing
his exchange server to be blacklisted.
But, if I am unable to convince my customer that their correspondent's
network was fucked up, then -I- get screwed because my customer will
then assume it's -MY- fault, and start looking for another e-mail
provider.
This is why it's so important to have the spelled-out-for-boneheads
explanation on your website, you see. Because, my customer is already
pissed off about the situation of losing mail, and they won't be
convinced that I'm telling them the truth unless they see a clear
explanation of the problem on the blocking website that they can
understand, and that corroborates the explanation that I'm telling them.
Remember, they aren't going to fix the problem. Their correspondent
at the compromised company isn't going to fix it either. All that
this chain of people are going to do is pass the buck up to someone
else. Eventually that buck lands on the lap of the responsible admin
at the compromised company, and he is naturally going to think of his
job first and attempt to blame me. My customer and my customer's
correspondent are then left trying to decide if it's me who is lying
or the admin of the compromised site that is lying, and they are going
to believe the admin who is corroborated by what they read on the
blacklisting website.
Now I will admit that this is a cynical explanation and that often it
does not happen this way, sometimes I get an appreciative call from the
compromised admin thanking me for alerting him to the problem. But
the few times that it DOES happen this way are so time-consuming that
they by far make up for the rest of the times that people are more
reasonable.
I have had, believe it or not, customers depending solely on e-mail
arrival dates to do things like determine which bidder wins during a
bidding war on a half-million dollar home. I myself scratch my
head when I hear about things like that, as I cannot understand why
people would trust something as unreliable as e-mail to something as
important as selling or buying their home. But, people do. And
when they take these kinds of ridiculous risks, when things break
the emotions run hot and high.
Anyway, I do appreciate the effort anyone puts in to fighting spammers,
no matter what it is. And, thank you!
Ted
Just a thought.
Ted
Warren
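
The log-digging step Ted describes (finding which blacklist made SpamAssassin tag a message, and which address was actually listed) can be scripted; the following is an added example, not part of the original thread. The sample message, its scores, the 192.0.2.25 address and the `dnsbl.example` zone are constructed, and the rule names are sample data following SpamAssassin's `RCVD_IN_*` naming.

```python
import email
import ipaddress
import re

# Constructed sample of a delivered message after SpamAssassin tagged it.
SAMPLE = """\
Received: from mail.example.com (mail.example.com [192.0.2.25])
\tby mx.example.net with ESMTP; Tue, 28 Dec 2010 10:00:00 -0800
From: sender@example.com
To: customer@example.net
Subject: Offer on the house
X-Spam-Status: Yes, score=6.1 required=5.0 tests=HTML_MESSAGE,
\tRCVD_IN_NJABL_SPAM,RCVD_IN_XBL autolearn=no version=3.3.1

body
"""

def dnsbl_hits(raw):
    """Return the DNSBL (RCVD_IN_*) rules recorded in X-Spam-Status."""
    status = email.message_from_string(raw).get("X-Spam-Status", "")
    status = re.sub(r",\s+", ",", status)  # undo folding inside the tests= list
    m = re.search(r"tests=(\S*)", status)
    tests = m.group(1).split(",") if m else []
    return [t for t in tests if t.startswith("RCVD_IN_")]

def relay_ip(raw):
    """IPv4 address on the topmost Received header.

    Assumption: the topmost header is the one our own MX added, so the
    bracketed address is the sender's public (post-NAT) address.
    """
    received = email.message_from_string(raw).get("Received", "")
    m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received)
    return str(ipaddress.ip_address(m.group(1))) if m else None

def dnsbl_query_name(ip, zone):
    """DNS name to query when re-checking a listing: reversed octets + zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def explain(raw, zone="dnsbl.example"):
    """Collect what the admin needs to show the customer for one message."""
    ip = relay_ip(raw)
    return {"relay_ip": ip,
            "dnsbl_rules": dnsbl_hits(raw),
            "recheck": dnsbl_query_name(ip, zone) if ip else None}

if __name__ == "__main__":
    print(explain(SAMPLE))
```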