[Dshield] Where should you start - I'll wrap it myself

Doug White doug at clickdoug.com
Thu Apr 8 00:25:19 GMT 2004




: Doug,
:
: I'm curious to know what software you are describing, as I highly recommend
: AGAINST using such software.
:
: Unfortunately, blacklists such as SpamCop have poor or sometimes non-existent
: checks for false positives when spam reports are submitted. The outcome is
: that anyone can blindly report domains and/or mail systems as "spammers" to
: SpamCop; they are automatically blacklisted and notified that they have been
: tagged as spammers. This can be quite a pain for legitimate mail domains to
: get blacklisted without just cause. Automated methods to "deduce" the
: legitimacy of email are nowhere near as accurate as they need to be for such
: systems to work correctly.
:
: End users often misinterpret legitimate email as spam. To think that
: thousands of end users are running an automated blacklist software plugged
: into Outlook makes my insides churn.
:
: I hope that any mail administrator would reconsider the use of SpamCop or
: similar blacklists that don't check for false-positives, as well as Outlook
: clients that send such reports automatically. The risk of DoS attacks on this
: kind of implementation is too great for this to be viable.
=====

Just how do you check for false positives?   Spam is spam.  We check for forged
headers, obfuscated origin, forged return addresses, blatant dictionary attacks,
joe-jobs, open relay rape, and inappropriate content.  Violators get
blacklisted. Period.

We will have to agree to disagree then.  I am a user of the spamcop blacklist,
and have been for over 4 years. They are not the only blacklist that I use.  Not
one complaint has been received from a client because of a false positive, or
describing mail blocked that they did not want blocked. I also maintain my own
private blacklist, which may have a chance of a false positive, but that is a
reason for a whitelist.

I agree that spamcop runs on the basis of complaints.  They don't block based on
one complaint, that is unless it is unsolicited mail addressed to a registered
spamtrap address.  This is not to defend their policies in any way, nor to make
a claim that they make no mistakes.

In my opinion, there is no legitimate emailer that blindly broadcasts
unsolicited commercial, or unsolicited bulk email, and especially those that
trade among themselves mail lists illicitly harvested by harvest bots.  Even
worse are those who send their spew via compromised relays, obfuscated header
information and other techniques to force their unwanted traffic on the
unwitting.  As a mail service provider, I do not recognize anyone's "right" to
pump email that is unwanted into my system, and those who agree with this
methodology are my rightful clients.

I am not against advertising, but am against advertising at my expense.
Currently, we are blocking approximately 48% of mail that attempts to deliver to
my systems.  By blocking this unwanted email at the gateway, my clients have
been empowered to take back control of their inboxes and use email for
legitimate purposes.

Doug