North American Network Operators Group

RE: Stealth Blocking
> From: David Schwartz [mailto:[email protected]]
> Sent: Wednesday, May 23, 2001 7:10 PM
>
> Roeland Meyer wrote:
>
> > I don't need to check because I have a piece of confirmed spam from
> > them. A smoking gun. That's the way MAPS RBL has been working for
> > years. That is the way I expect it to continue to work. The main
> > reason that I posted to this thread is that some of the posts led me
> > to believe otherwise. They were confused.
>
> I think you're missing the big picture. If you receive a single piece of
> spam from a site, that's not automatically grounds to block the site.
> That's a recipe for maximizing collateral damage.
> So the receipt of a spam from a site is the beginning of the process, not
> the end.

Actually, I simplified the process. I agree with you 100% here. I don't have the time for such an investigation therefore I use MAPS RBL.

> > > Absolutely. Probe the machine that is of concern, not
> > > whole blocks randomly.
>
> > Also, only block the proven spam-host. No one else.
>
> That's a more complex judgment. In most cases, I agree that this is
> appropriate, but I can think of (and have personally witnessed) more
> extreme circumstances. I've seen ISPs who say, "no, we like to spam and
> we will spam in the future". In those extreme cases, I'll block their
> entire address space from reaching my mail servers until their policy
> changes.

Another reason to use MAPS RBL.

> > > No, its open-relay status is not irrelevant. If you know a site is
> > > an open relay, however you know this, and you want to block open
> > > relays (which I do) and it's my right to block open relays, then I
> > > will block them. How I find out they're an open relay is another
> > > story. The usual way is you probe a site when it becomes an actual
> > > problem.
>
> > I submit that if you have a piece of spam, from a site, and are
> > blocking them, why do you need to probe them?
>
> Well, if you're blocking them because they're an open relay and they say
> they've fixed the problem, it's certainly reasonable to probe them to
> decide whether you should begin allowing mail from them. Or do you think
> it's better to block them indefinitely just so that you don't 'trespass'
> by probing them?

I'm actually not advocating blocking all open relays. I am advocating blocking all spammers, whether they have open relays or not. There are actually open relays that a spammer can never use, because the open relay site uses MAPS RBL. They are collateral damage, with ORBS. Show me how such a site can be used by a MAPS RBL'd spammer. BTW, yet another reason to use MAPS RBL.

> > > 3) Do you think it's unreasonable to block known open relays as a
> > > protection against future spam.
>
> > Absolutely not. Our entire Norte Americano culture is biased
> > AGAINST a priori restrictions.

The following is a real good example of why I don't like argument by analogy. Your analogy is broken. Let's deal with the issue directly. We actually seem to be on the same side here or not very far apart.

> Nonsense! This argument would say that you should allow children to bring
> guns into school provided they haven't yet shot them. Our culture is
> biased against a priori restrictions upon speech imposed by the
> government, but there is nothing inherently bad about a priori
> restrictions.
>
> > You DO NOT spank someone for something that they have NOT, in
> > fact, done. It's called prior restraint and there is a reason that it
> > is considered unjust. It violates the PURE WAR ethos. There is no
> > excuse for collateral damage. Innocents should not be involved,
> > period. This is important because we DO have the technology to wage
> > the PURE WAR and are ethically compelled to use it.