[RE: [Dshield] mail1.giac.net spamcop listed]

Chris Brenton cbrenton at chrisbrenton.org
Sat Dec 13 01:53:01 GMT 2003


On Fri, 2003-12-12 at 13:49, Rick Klinge wrote:
> Geeze.. let's lay this one to rest?

Naaa. Beating a dead horse is *so* much fun. ;-)

> SpamCop like any other "free" blacklist system is an effective "tool". 

I would have to disagree (with it being "effective", not with it being a
"tool" ;-P). It sounds like its suffering from poor authentication and
verification. In other words, the focus seems to be on creating a "big"
list rather than an "accurate" list. 

Just take a look at what happened here. A single person reported a
message as being spam and d-shield got /dev/nulled. There was obviously
no authentication that the person is clueful, or verification that the
e-mail was in fact spam.

Personally, I'm kind of glad it happened. If the person had actually
verified their subscription then may have tried posting. ;-)

>  It
> should NOT be the sole/single tool to use to combat spam but rather used in
> conjunction with other blacklist's and filters for a positive confirmation
> that the source is spam. 

IMHO this is a little different. If "the problem" was the black list was
letting spam slip through, I would agree completely that a layered
approach would be more efficient at fixing "the problem". The isuue here
however is they are telling you to block IPs that are not actually
spammers. Combining this tool with other black lists, spamassassin, etc.
is not going to fix this problem. The only thing that would fix it is
verifying the list prior to implementing it, which if you have to do
that the list becomes far less useful. 

>  Personally, in a business environment, I would
> have the filters set so tight that just 1 piece of spam would bar all email
> from that source for 6 months and I would not accept mail from them until a
> 10,000.00 dollar bond was received and held for 6 months. 

Huh? Again, the message in question ___was not spam___. It was a
subscription verification sent out because this individual tried to join
the list.

> I wrote SpamCop concerning DShield and they
> did respond and subsequently d-listed them. 

I think its cool that they listened to you, but IMHO Johannes (who is
listed as the admin and tech contact of the domain) should have been
able to receive some form of response as well as get the site d-listed. 

> What I would vote for would be a Global bl server system (right next to the
> root DNS Servers) that would sync and balance out known spammers.

Based on this system, I hope not. Not till the problems listed above are
fixed anyway.

HTH,
C





More information about the list mailing list