[RE: [Dshield] mail1.giac.net spamcop listed]

Rick Klinge rick at jaray.net
Sat Dec 13 03:11:05 GMT 2003


> > SpamCop like any other "free" blacklist system is an effective "tool".
>
> I would have to disagree (with it being "effective", not with it being a
> "tool" ;-P). It sounds like it's suffering from poor authentication and
> verification. In other words, the focus seems to be on creating a "big"
> list rather than an "accurate" list.
>

This is highly "effective". SpamCop is doing a fine job for what it is
designed to do.

> Just take a look at what happened here. A single person reported a
> message as being spam and d-shield got /dev/mulled. There was obviously
> no authentication that the person is clueful, or verification that the
> e-mail was in fact spam.
>

I don't know if this is factual or stipulation. What I was told by Ellen
from SpamCop was that possibly DShield's list servers' subscribe verification
might be questionable. Apparently from SpamCop they reviewed the source and
found it to be legit. Either way it was wrong and they agreed and d-listed
them.

> Personally, I'm kind of glad it happened. If the person had actually
> verified their subscription then may have tried posting. ;-)
>

This makes no sense.. why be glad that DShield got listed?

> > It should NOT be the sole/single tool to use to combat spam but rather
> > used in conjunction with other blacklists and filters for a positive
> > confirmation that the source is spam.
>
> IMHO this is a little different. If "the problem" was the black list was
> letting spam slip through, I would agree completely that a layered
> approach would be more efficient at fixing "the problem". The issue here
> however is they are telling you to block IPs that are not actually
> spammers. Combining this tool with other black lists, spamassassin, etc.
> is not going to fix this problem. The only thing that would fix it is
> verifying the list prior to implementing it, which if you have to do
> that the list becomes far less useful.
>

Your confusing statement is an oxymoron - if the reported spam had been
correlated against 2 more blacklists then the report would clearly show that
it was NOT spam. That blacklist (SpamCop) did exactly what it is programmed
to do. The approach I stated is simple and proven by thousands of companies
worldwide.

> > Personally, in a business environment, I would have the filters set so
> > tight that just 1 piece of spam would bar all email from that source for
> > 6 months and I would not accept mail from them until a 10,000.00 dollar
> > bond was received and held for 6 months.
>
> Huh? Again, the message in question ___was not spam___. It was a
> subscription verification sent out because this individual tried to join
> the list.
>

Wrong again .. they 'SpamCop' confirmed the emails to be suspect.

> > I wrote SpamCop concerning DShield and they
> > did respond and subsequently d-listed them.
>
> I think it's cool that they listened to you, but IMHO Johannes (who is
> listed as the admin and tech contact of the domain) should have been
> able to receive some form of response as well as get the site d-listed.
>

I'm not totally sure but I believe they did notify DShield - at least they
did state that 'someone' else had inquired.  I contacted them out of
professional courtesy because I value the use of this security information
and awareness list server (along with many other folks).

> > What I would vote for would be a Global bl server system (right next to
> > the root DNS Servers) that would sync and balance out known spammers.
>
> Based on this system, I hope not. Not till the problems listed above are
> fixed anyway.
>

There is nothing to be fixed here... there are no problems using SpamCop as an
'additional' tool. A tool to be used with 'other' tools. Never try to
change an engine with just a pair of pliers.

Let us not continue this into a systematical flame war of wits. Life is
way too short.


Cheers,


~Rick
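
An added example, not part of the original message or of any project named in it: a sketch of the correlation approach argued over in this thread, where a sender is rejected only when at least two DNSBLs list it and a single listing is only tagged. The `.example` zones, the quorum of 2, the `tag` action and the sample listings are assumptions constructed for illustration.

```python
import ipaddress
import socket

# bl.spamcop.net is SpamCop's DNSBL zone; the two .example zones are
# placeholders (assumption) for whichever other lists a site trusts.
ZONES = ("bl.spamcop.net", "dnsbl-a.example", "dnsbl-b.example")

def dnsbl_name(ip, zone):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_lookup(name):
    """Return True if the name resolves to a 127.0.0.0/8 answer (listed)."""
    try:
        answer = socket.gethostbyname(name)
    except OSError:  # NXDOMAIN or resolver failure: treat as not listed
        return False
    return answer.startswith("127.")

def verdict(ip, zones=ZONES, quorum=2, lookup=system_lookup):
    """Reject only when at least `quorum` independent lists agree."""
    hits = [z for z in zones if lookup(dnsbl_name(ip, z))]
    if len(hits) >= quorum:
        action = "reject"
    elif hits:
        action = "tag"  # single listing: score or quarantine, do not block
    else:
        action = "accept"
    return action, hits

# Constructed sample data (documentation addresses): 192.0.2.10 is listed
# by one zone only, 192.0.2.66 by all three, 192.0.2.99 by none.
SAMPLE = {
    "10.2.0.192.bl.spamcop.net", "66.2.0.192.bl.spamcop.net",
    "66.2.0.192.dnsbl-a.example", "66.2.0.192.dnsbl-b.example",
}

def sample_lookup(name):
    """Offline stand-in for DNS so the example runs without a resolver."""
    return name in SAMPLE

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.66", "192.0.2.99"):
        print(ip, verdict(ip, lookup=sample_lookup))
```
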
