North American Network Operators Group


Re: Open relays and open proxies

  • From: Leo Bicknell
  • Date: Fri Apr 25 15:03:54 2003

In a message written on Fri, Apr 25, 2003 at 11:35:16AM -0700, Will Yardley wrote:
> If you're talking about the actual reports sent by SpamCop, they are
> not unsolicited, because they're going to abuse and / or role accounts
> (and are thus solicited implicitly). If you don't want to receive
> SpamCop reports, I'm almost certain you can ask them not to send you
> reports.

The problem is you can be spammed and blocked by proxy.  A company,
who will remain nameless, configured their mail server to report
"spam" to SpamCop.  One of their users was on a mailing list I
run.  They reported a completely legitimate e-mail to SpamCop,
which SpamCop took as a spam report.  SpamCop then added my mailer
to their DNS black list.  This is in fact how I noticed: I received
mail refused from list deliveries before I ever got a SpamCop report
(which I did receive a few hours later).

To their credit, when I pointed out this was legitimate mail they
did remove the offending entry quickly.  Only to have it reappear
6 hours later when the next mailing list mail was reported in the
same way. :(

So, a bogus reporter was able to:

1) Waste my time and resources by having SpamCop send me mail I did not
   ask for, want, or deserve.

2) Tarnish my reputation which I had to defend.

3) Make several of my users unable to receive e-mail from my legitimate
   lists because their ISPs/companies use SpamCop's list.

I used to be a fan of various services that "listed spammers",
including SpamCop, and the RBL.  No more.  Both seem to use the
nuclear weapon to take out an ant method, which given those tools
is probably the only way they have any chance of working.  If you
have a hammer, everything looks like a nail.  They also both assume
mail is "normal", that is one end user to one mail server to another
mail server to an end user.  Add mailing lists, relaying services,
and other things and legitimate e-mail gets classified as spam, or
worse, spam that passed through a legitimate gateway gets the
gateway listed.

The tools inside SpamAssassin (Bayesian filtering, fingerprint
checks of known spam messages, filtering of known spam identifiers)
are both more effective at actually catching the spam, and they're also
much better at not whacking legitimate messages.  Listing services
are yesterday's technology, and frankly, have failed in their end
goal.  The community needs to push forward with more advanced tools,
like the fingerprinting software.

-- 
       Leo Bicknell - [email protected] - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/
Read TMBG List - [email protected], www.tmbg.org
