[RndTbl] blocklists (was: Grey-listing in effect on MUUG server)

Trevor Cordes trevor at tecnopolis.ca
Fri Nov 17 16:00:54 CST 2006


On 17 Nov, John Lange wrote:
> For example, lets say there are some spam bots on an ISPs network. They
> send out spam relayed through the ISPs mail server. Does this not mean
> that the ISPs mail server will quickly find itself on a block list?
> 
> If the answer is "no", then the blocklist isn't accomplishing anything
> since no spam is being blocked.
> 
> If the answer is "Yes", then my issue is that thousands of innocent mail
> users on that ISP will be inconvenienced for absolutely no fault of
> their own.

The other day I ran into a "Yes" situation that was causing an ISP to
completely block email from all of Shaw -- including Shaw's smarthost!
The agressiveness and braindead-ness of servers and RBL's has been taken
to an insane level.  No one cares about false positives anymore.

> This brings up another problem with block lists. What if you get a virus
> and your machine gets hijacked to send spam? Bingo you are on a
> blocklist and good luck getting removed especially since the average
> user is not likely to have any clue they are even on the list.

This happened all the time before the RBL's decided to block the entire
Shaw/MTS dynamic IP space -- the greater of two evils.

> And it is my understanding that the blocking is frequently done on
> entire subnets or even entire ISPs. Again, lots of innocent victims of
> this technique.

Yup.

> iptables -A INPUT --destination-port 25 -j DROP
> 
> Guaranteed to eliminate 100% of your spam ;)

MTS's (dynamic-IP) approach!



More information about the Roundtable mailing list