[Dshield] RBL deaths OT?

BarkerJr barkerjr at barkerjr.net
Thu Sep 25 21:05:04 GMT 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> > The big problem with RBLs is not that there is no funding, but
> > that they have come under attack by DDoS recently.  Two smaller
> > RBLs shut down this week, and there has been talk that SPEWS has
> > been targeted as well.  Small sites do not have the money to
> > spend on multiple internet feeds, redundant systems and major
> > load balancing.  Even if they had something in place, targeting
> > the authoritative nameservers would not be that hard to do.
> > To set up a commercial RBL, you're going to have to do some major
> > load balancing, have support from your upstream provider, and a
> > lot of luck. One benefit of being a commercial site would be that
> > you could actually claim damages, thereby having the FBI
> > investigate.

You can't get the FBI involved unless you can prove greater than
$5,000 in damages.  A smaller commercial list would take a few days
to accumulate that much before they could call the FBI.


> SPAMCOP makes a very tempting target. Their widespread use by
> SpamAssassin makes them an even more tempting target. In fact, I am
> quite surprised that there have not been any credible reports of
> their being attacked. They are probably the most widely deployed of
> the remaining RBLs (wish I had some hard stats). They block
> based on 'proven spam.' Their definition of 'spam', and what I
> personally feel is a 'shoot first, ask questions later'
> blacklisting policy, IMHO makes them less effective in blocking
> spam sources than the other RBLs. (In the short time we used
> SPAMCOP, I found their false positive rate to be too high for our
> standards.)

Well, Spamcop was knocked offline about a month ago for a few hours
and slow for about a week.


> 2) Some of the providers of Anti-Spam software will also be
> attacked -- especially SpamAssassin, and maybe shut down
> completely.  

Interestingly, SpamAssassin is also distributed via CPAN.  So, to
knock it offline, you'd have to basically take down the entire
internet.  Talk about getting the FBI's attention!

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBP3NYf4LSHsoG8onwEQIyaACg8IcaoLGI05W6VO3pVTOqWdurKTAAoN8d
FVcMqe7RSaLgfUkz451ICl3K
=nqqp
-----END PGP SIGNATURE-----




