[TriLUG] preferred RBLs?

Rick DeNatale rick.denatale at gmail.com
Tue Nov 29 21:00:21 EST 2005 

On 11/29/05, Corey Mutter <corey at mutternet.com> wrote:
> On Tue, Nov 29, 2005 at 10:17:18AM -0500, Jason Tower wrote:
> > anyone have smtp RBLs that they're particularly fond of?
>
> I second others' recommendations for sbl-xbl.spamhaus.org.
>
> The way I have it set up at my day job, I use MIMEDefang and do the
> blacklist check in filter_recipient(). It means the list gets checked
> once per recipient instead of once per connection, but it also means
> that I can set some addresses (like 'contact' and 'support') to not
> filter using the blacklist. The machine has a caching DNS server anyway,
> so no big deal on the DNS load.
>
> My Web page referenced in the bounce message given tells people that
> they can use the contact or support addresses to email us, if they
> happen to get on the list. So far, in a couple of years, that's only
> happened once (when an ieee.org mailserver got on XBL because a machine
> behind their NAT was spewing out viruses...)

I have to say that I'm a big NON-fan of using RBLs to bounce mail.

My ISP does just this, and I found out that despite their claims, they
were discarding a LOT of my legitimate mail.  I only found this out
when I figured out why I was getting repeatedly being put into bounced
status by yahoo groups.  Yahoo's group system turns users off if they
have had a certain number of bounces, and they periodically send mail
pings to see if they can contact you. The mail ping when it comes
through, tells you that you've been turned off and has a link to a web
page where you can be reinstated.  When I went there, it let me see
the bounce messages which yahoo had been getting, and I saw that my
ISP was bouncing the mail because the mail server that yahoo was using
had been reported to spamcop.net.  Spamcop even prominently warns
about NOT using them to bounce mails, but as a filtering option, but
my ISP loved just bouncing the mails because they found it greatly
reduced their mail server load.  Well of course it did because they
were throwing out a lot of good e-mail with the bad.  But they claimed
that they didn't have a problem because no one was complaining.

Of course it took a certain amount of tech savvy on my part to get to
the point of realizing I had a problem and why.  It also explained
other things like why I would often fail to get confirmation e-mail
messages when I tried to sign up for things like sourceforge mailing
lists. The confirmation messages (which ironically are intended to
keep spammers from using mailing lists to do their dirty work), were
being bounced by the rbl, so I couldn't ever sign up for various
lists.

At the same time, I found that a large proportion of the mail that the
ISP was passing on to me was spam, which gives another measure of the
effectiveness of the rbl approach. I don't know which mix of rbls they
were using but from my perspective there were a lot of both false
positives and false negatives.

I ultimately had to set up my own domain and mail server so that I
could have control over anti-spam measures myself.


--
Rick DeNatale

Visit the Project Mercury Wiki Site
http://www.mercuryspacecraft.com/

More information about the TriLUG mailing list