[Techtalk] opinions on RBLs, please

Tue Feb 18 18:44:32 EST 2003

Kelly Martin wrote:
> Carla Schroder wrote:
> 
>> In my never-ending quest for good spam-fighting tools, I've been 
>> pondering using RBLs. However I'm concerned about blocking legitimate 
>> emails, they seem rather cavalier about the possibility. "If your ISP 
>> is a spammer, get a different ISP." Anyone have experience with them? 
>> There won't be any relaying issues for my clients, no downstream 
>> servers, just how will their own mail delivery be affected.
> 
> 
> One of our servers got put on an blacklist because our webmaster 
> installed a buggy version of formmail.pl.  We caught it and fixed it 
> within 48 hours, but we're still on that blacklist two years later.  The 
> maintainer refuses to even so much as talk to us, let alone remove us. 
> We have to run a second mail server on a second address just so we can 
> send mail to account at Earthlink because they refuse to unblock this one.
> 
> I have yet to see a blacklist that was maintained responsibly.

I've certainly seen a few which seem to be run by the certifiably insane 
(there was a thread here recently about the blacklist behind 
http://banned-for-spamming.us/ - which permanently blacklists any ISP 
from which they have ever received anything resembling spam, however 
major the ISP, however long ago the spam was sent, and flames anyone 
disagreeing). Having said that, I've found Spamcop's approach - and 
their own blacklist, bl.spamcop.net - to be good:

1. Any ISP generating a significant number of spam complaints 
(significant relative to the number of legitimate emails, to avoid 
"throwing the baby out with the bath-water" effects) is blacklisted 
temporarily. Recent complaints count more heavily than older ones, and 
only complaints within 3 days are counted.

2. Customers have personal whitelists, so no legitimate sender will be 
blocked more than once.

3. For their own customers, the blacklist does *not* cause mail to be 
rejected. Instead, it's diverted into a 'Held mail' folder. Genuine spam 
can then be forwarded to the relevant ISP(s) as a complaint, and 
legitimate email can be 'released' into the Inbox, optionally adding the 
sender to your personal whitelist so future mail from that person will 
be recognised as legit.

I've been using it for just over a year now, with no complaints. I don't 
know how easy it is to replicate this setup in your own mailserver, 
although most of it should be straightforward (the spam reporting engine 
is GPLed, and most of the other functionality seems built in to the 
servers I've seen) - anyone tried it?

James.