[Techtalk] sendmail/RBL question

Raven, corporate courtesan raven at oneeyedcrow.net
Fri Mar 29 17:17:36 EST 2002


Heya --

Quoth Akkana (Thu, Mar 28, 2002 at 03:29:50PM -0800):
> Then I moved my domain, including a mailing list I administer, to a
> new ISP, which did aggressive spam filtering (not using the RBL, but a
> similar concept).  It was a constant headache, because I was forever
> dealing with list members who discovered that they couldn't post
> because some provider upstream of them ran an open relay and had
> gotten blackholed.

	Yeah, a lot depends on how the people that do blackholing do it.
There are blackhole lists that contain the dialup pools of major ISPs,
on the premise that dialup users should be using their ISP's mail
servers and wouldn't need to send mail directly.  (Some spammers will
get a dialup account and send their spam through that, stop, redial up
hoping to get a different IP, and repeat.  It makes it harder to track
them down if the ISP doesn't keep tabs on what user had which IP when,
and then you have to trace through the headers of the spam complaints to
match up time and IPs.)

	However, if you are a dialup user and do run your own
legitimate, secure mail server through a connection like that -- you
still end up blackholed.

	Some ISPs are more death-on-spam than others.  If you have
connectivity through an ISP that is spam-friendly, or your ISP buys its
upstream connectivity through a spam-friendly larger ISP, then you may
end up blackholed for their permissiveness.  That sucks too.

	I think the worst case is when you inherit a previously
blackholed IP.  This is largely the fault of administrators who don't
keep their blackhole lists up to date.  IPs change.  Customers leave
ISPs and get new ones, and just because an IP was once a source of spam
doesn't mean it will always be.  All too often, I've seen customers get
a new IP, and be unable to send mail because the previous owners of that
IP block were spammers.  Usually you can convince the admins of the
blackhole list to take you off it, but if sysadmins don't update their
copies of the blackhole list, you still won't be able to send mail to
them.

	So often, it comes down to diligent system administration.  If
you use a blackhole list, please make sure it stays up to date as much
as possible.  Otherwise you may be punishing the innocent.

	The other problem -- many blackhole list groups have had to go
under recently, for reasons political, financial, and such.  Many admins
just keep using "the last copy" of these lists.  That virtually ensures
some of the above cases.  If you do get blackholed like this, get a free
mail account (I like hushmail), e-mail the admin of the site blackholing
you from there, and explain the circumstances.  Hopefully they'll be
reasonable and remove your now-clean IP from their list.

> Although I hate spam and wish I could stop it, I'm not willing to block
> all the people who are stuck downstream from irresponsible providers
> through no fault of their own.

	That's one of the reasons I filter loosely (IPs, not whole
blocks for the most part) for my domains, and more strongly per account
if the account-holder wishes it.

Cheers,
Raven 
 
"That should be: "If cryptography is outlawed, only bhgynjf jvyy unir
 pelcgb!" Or maybe, for maximum effect, "...only pvumbxt xjmm ibwf
 dszqup!""
 -- Kai, on 'better' cryptography

MD5 (outlaws) = 4c86ccf216da19edcc4b80e3824b67ab
 -- my response
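
Added example (not part of Raven's message): a sketch of the header-to-session matching the message describes, where an ISP's abuse desk takes the connecting IP and timestamp from a complaint's Received: header and looks up which account held that dial-up address at that moment. The session log layout, account names, hostnames and addresses are all constructed assumptions.

```python
import re
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Constructed dial-up session log (account, assigned IP, start, end), times in UTC.
# Note that 192.0.2.10 is handed to two different accounts on the same evening.
SESSIONS = [
    ("acct-a", "192.0.2.10", "2002-03-28 22:00:00", "2002-03-28 22:40:00"),
    ("acct-b", "192.0.2.11", "2002-03-28 22:45:00", "2002-03-28 23:30:00"),
    ("acct-c", "192.0.2.10", "2002-03-28 23:00:00", "2002-03-29 01:00:00"),
]

# Constructed Received: header as added by the complainant's own mail server.
RECEIVED = (
    "from dialup-10.isp.example (dialup-10.isp.example [192.0.2.10])\n"
    "\tby mx.recipient.example with SMTP id CONSTRUCTED01;\n"
    "\tThu, 28 Mar 2002 15:15:00 -0800"
)

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def _utc(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)


def parse_received(header):
    """Return (connecting IP, receipt time in UTC) from one Received: header."""
    match = IP_RE.search(header)
    if not match or ";" not in header:
        raise ValueError("no bracketed IP or timestamp in Received header")
    when = parsedate_to_datetime(header.rsplit(";", 1)[1].strip())
    if when.tzinfo is None:  # "-0000" zone: treat as UTC
        when = when.replace(tzinfo=timezone.utc)
    return match.group(1), when.astimezone(timezone.utc)


def accounts_for(ip, when, sessions=SESSIONS, skew=timedelta(minutes=2)):
    """Accounts that held `ip` at `when`, allowing for clock skew between hosts.

    An empty list means no session record covers that moment; more than one
    means the time falls too close to a redial to attribute without more data.
    """
    return [
        acct for acct, s_ip, start, end in sessions
        if s_ip == ip and _utc(start) - skew <= when <= _utc(end) + skew
    ]
```

The same address resolves to different accounts depending on the timestamp, which is why a listing keyed on the IP alone goes stale once the address changes hands.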


