[Gllug] blacklisted mail servers

Nix nix at esperi.org.uk
Fri Oct 21 10:18:23 UTC 2005


On Fri, 21 Oct 2005, Anthony Newman spake:
> I know of at least one DNSBL who have gone to the extent of adding all
> apparently dynamically-assigned IP address space (based on internet
> registry information) to their list; the rationale presumably being
> that people on DHCP'd broadband etc. don't need to run a mail server,

Er, well, actually the DUL has a great big notice saying DO NOT BLOCK
BASED ON THIS LIST nailed to it. (At least, anyone who *does* block
based on that list is a moron. There are many morons around.)

> so any mail originating from their address is likely to be as the
> result of a trojan/zombie stylee compromise.

This is regrettably often the case, but the best way to spot this is
a blacklist aiming at listing compromised hosts (several of which
exist).

The point of the DUL is that it can be hard to go from an IP address to
a specific abuser, and the DUL tracks hosts for which this is true.
It's idiocy to consider it --- or any single criterion --- sufficient
reason for rejection of mail. It adds a bit over a point to SA's
estimation of likely spammability, which isn't enough to classify
anything as spam unless it looks pretty damn spammy already.

> DNSBLs are basically evil organisations staffed by fascist pigs, but a

Some of them are run by idiots, yes --- SPEWS is basically worthless if
what you're interested in is actually receiving mail rather than
punishing the innocent for their accidental association with the guilty
--- but most of them are reasonably run.

URIBLs seem to be a hell of a lot more effective, though: it hits
the spammers right where they make their money. The spammers *hate*
them and have repeatedly tried to knock them off the net with DDoS
attacks.

> lot of fools have been sucked into the easy spam-culling with which
> they attract new addicts before stinging you with the "good stuff",

Such people are morons, again, or trying to run a mail server with
resources too limited to do anything more than stone-axe spam scanning
(in which case, well, they must be accepting a reasonably large amount
of mail for that to be the case: can't they afford a cheap PC to chuck
Linux on and dedicate to SpamAssassin?)

-- 
`"Gun-wielding recluse gunned down by local police" isn't the epitaph
 I want. I am hoping for "Witnesses reported the sound up to two hundred
 kilometers away" or "Last body part finally located".' --- James Nicoll
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug




More information about the GLLUG mailing list