Email Blacklisting

My work email is my biggest problem with spam. My personal emails, while nowhere near spam-free, don't get enough to be a problem, but my work email, each day, gets about 800+ emails that are utterly of no use whatsoever. Some of these are bouncebacks from the 30 forums we run, but the rest are spam. Between the spam filter in my email (The Bat!) and the rules I've created, precious few make it to the inbox. Some, like the bouncebacks, I never see at all. They're permanently deleted and deleted from the server as well.

Hello,

Quote:

---

Originally Posted by Moira

Like most people, I'm fed up of coming home from work to find 150 + junk emails on one account alone, in under 24 hours. True, they're in the spam folder but they're still there! I could opt to have them all deleted but that particular account is one I choose to receive mail from people who aren't necessarily in my address book (ie strangers can mail me from the website if they want, and go via the spampoison controls). So I figure if I don't glance at it I'll inevitably lose some genuine email.

---

A way around you web site account is to use a secure form where the from address is the web server itself. That way, you can put it in your address book and then you won't have to question if its a web site concern.

This is the very crux against RBLs in my opinion. If you run a linux server, you can try DynaStop at http://tanaya.net/DynaStop/. Its GPL.

Quote:

---

Originally Posted by Moira

Gmail is just as bad, difference is most of the rubbish isn't downloaded. My ISP is actually brilliant, but there again that's a paid service. They annoy me though in some ways. There must be certain email they let through no matter how many times I label it "junk". Conversely their own mail comes into my acount labelled "spam" - there's no logic to it.

---

I've dealt with this from yahoo. The advertiser has paid your ISP to not filter their message. I despise yahoo for this very sleezy tactic.

Quote:

---

Originally Posted by Moira

And try sending someone an email with an attachment other than a jpg or something similarly insipid. It doesn't stand a cat in hell's chance of reaching your intended recipient, so how come all these virus attachments and phishing scams make it to my inbox?

---

Your ISP is not virus scanning, only a blanket block on certain extentions. This is a poor excuse to security but many ISPs go this way for speed. Virus scanning every message can be heavy and cause mail delays. I do it on my server anyway. My users wouldn't have it any other way, even if I sometimes have 12 hour backlogged messages. They are gaurenteed that their mail is clean.

Quote:

---

Your ISP is not virus scanning, only a blanket block on certain extentions. This is a poor excuse to security but many ISPs go this way for speed. Virus scanning every message can be heavy and cause mail delays. I do it on my server anyway. My users wouldn't have it any other way, even if I sometimes have 12 hour backlogged messages. They are gaurenteed that their mail is clean.

---

This was actually a very heated argument at the last IANETSEC conference. Where does the ISP's responsibilities begin and end? You are paying for a pipe and for those who are educated, this should be the only thing you need. Others insist that ISPs must take steps to filter traffic but then what happens when they begin filtering things that you want and use for legit purposes? Case in point, SMTP.

Laws have proven useless against spammers. How do you press a guy in the middle of the congo who keeps sending you 4-1-9 scams?

Now back to RBLs. I still have faith in most of them. Judging all for the actions of one or two is backwards logic in my book. If you get bit by one dog, do all dogs bite? Obviously not.

Still, I understand your position and I think you have a valid gripe.

--TH13

Hi, thanks for this input. My ISP claims to be virus scanning messages actually, they make a big thing of this. I don't have a problem with mail from them.

Yahoo, I see your point. I'd also describe it as a sleazy tactic.

My website protects against spam email, that isn't the problem. Nobody can send me any mail unless it's from an actual person, ie no bot can harvest the address. If you want to see what I mean, try sending me email from the obvious link on moiraatkinson.co.uk. I don't want to prevent people doing this, I love getting random mail or guestbook comments and that account is set up for exactly this purpose.

I for one welcome our new RBL overlords. Without aggressive filtering, email
would cease to exist. Each administrator of a mail server must answer to his
own customers. RBLs are voluntary. If your mail fails to reach its destination
because the server on the recieving end is too agressive, people are willing to
pay attention to complaints. The net is still a cooperative enterprise. Initiate a
dialog with those you want to influence. RBLs aren't going away until the need
goes away. In other words, they are here to stay.

Another story on the current increase in spam:

http://news.bbc.co.uk/1/hi/technology/4225935.stm

Quote:

---

Originally Posted by thehorse13

This was actually a very heated argument at the last IANETSEC conference. Where does the ISP's responsibilities begin and end? You are paying for a pipe and for those who are educated, this should be the only thing you need. Others insist that ISPs must take steps to filter traffic but then what happens when they begin filtering things that you want and use for legit purposes? Case in point, SMTP.

Laws have proven useless against spammers. How do you press a guy in the middle of the congo who keeps sending you 4-1-9 scams?

Now back to RBLs. I still have faith in most of them. Judging all for the actions of one or two is backwards logic in my book. If you get bit by one dog, do all dogs bite? Obviously not.

Still, I understand your position and I think you have a valid gripe.

--TH13

---

SMTP is a valid point that I think many ISPs have come up with a good solution for. For the average residential consumer block all access to all low ports (ports under 1024). For the advanced users, have a "priviledge account" of a open port fee (I've seen $4.95 US) that allows access to all ports unrestricted. It seems to work because the average residential is not up on antivirus and antispam whereas the advanced users are well aware and capable of keeping their systems clean. I personally feel this is a fair and reasonable balance.

If the laws are written like the one Austrialia has or the one proposed by California then the spammer take a serious hit. The CAN-SPAM versions (both 1 & 2) do not address the real issues.

I am not against any RBL that acts responsibily only those that take a dictorial stance irregardless of the destructiveness they are incurring on innocents. RBLs do have an important role but only if they conduct themselves appropriately.

Quote:

---

Originally Posted by rcgreen

I for one welcome our new RBL overlords. Without aggressive filtering, email
would cease to exist. Each administrator of a mail server must answer to his
own customers. RBLs are voluntary. If your mail fails to reach its destination
because the server on the recieving end is too agressive, people are willing to
pay attention to complaints. The net is still a cooperative enterprise. Initiate a
dialog with those you want to influence. RBLs aren't going away until the need
goes away. In other words, they are here to stay.

---

the use of an RBL is not a justified excuse for an administrator not doing their job. If an RBL is used wisely, they are invaluable. Used wrongly, they are a menance.

The issue I raise is two-fold: RBL accountability and administrator accountability. Both must work in order to stop spam.

Here is an example: I have a system I made that files complaints on messages my users report as spam (putting them is a special forder). The system makes a nice and polite form, fills in the abuse addresses, attaches the complete spam and mails it.

The result of this has been phonenemal. ISPs that have had a previoisly poor standing with my users have responded positively and the spam has stopped from those sources.

its a fair and positive solution to a problem that works.

Laws do not create order, enforcement of laws does. Laws are wonderful, but they do not reach across borders and if you cannot enforce them, well, you get the idea.

As far as the power user options from ISPs, well I suppose it's fair if you're the average dummy. I for one don't think I should have to pay more because I'm actually responsible and knowledgeable. Sounds a little backwards. They should charge the dumbasses who still have the slammer worm on their boxen.

If we want to look at the real issue, the one that covers all evils, then we need to look at the internet itself. We're using it for purposes it was not designed for. If you want a secure internet, free from all the menaces, then it's time to design it from the ground up with security and accountability baked in.

--TH13

Hmmm, puts me in mind of a little cautionary tale:

"There was Somebody, Anybody and Nobody, and there was a job to be done. Somebody should have done it, Anybody could have done it, but Nobody actually did it"

Kind of reminds me of ISPs, Administrators and RBLs:D

Over here, it is rather costly to have a static IP address, so many small businesses and most domestic users have a dynamic one, that changes every time you log in. That gets you onto several RBLs for a start.

In other lists where an IP address has been blocked for actual spamming or malware propagation, you stand a good chance of inheriting it when it becomes free again.......................but it is still on the RBL.

The ISPs couldn't care less................if you change them you will still be faced with the same problem, and the few thousand lost customers represent absolute peanuts by comparison to the cost of providing a better service, and the overall scale of their operations.

The RBLs don't care because they are not accountable...............

And (unfortunately) the majority of administrators that I have met don't have the commercial/business knowledge to realise that there even is a problem. They seem to regard RBLs as some sort of magic bullet.

I think that the problem is a basic lack of communication between the parties involved?

:(