Spam stuff

10:20 pm General

For me, the most interesting thing about the responses I’ve gotten to the “I am a false positive” blog entry I wrote earlier is the defense of the blacklist system by a number of people.

It seems the theory goes “your ISP is doing bad stuff that’s hurting the internet. We’re only hurting you so that you can make them stop.” That might be “not doing good stuff to help the internet” instead of actively being bad, but you get the point.

But this is hugely flawed logic. It’s the same logic that says that economic sanctions work because the people actually affected by the sanctions, that is, the less well off, will rise up and force their government, who aren’t affected by the sanctions, to change their ways. Blocking France doesn’t hurt spammers – they have lots of zombie PCs – it hurts me.

There are lots of ways to avoid false positives – greylisting, temporary blacklists based on who is actually sending out spam, Bayesian filters like bogofilter, and so on. A case study in spam filtering without blocking real mail is here – this guy gets a million spams a day, and filters 99.999% of them automatically. Now if only everyone did this at the mail server level, I could pretend like spam didn’t exist and get on with my life.

In his Hall of Shame, he includes DNS-RBLs, and has this to say about them:

Well, I don’t know why, but in practice every single DNS-RBL eventually comes under the control of power-hungry weenies. They start listing sites unreliably, and if you complain you find yourself listed. And there’s usually no way to get off the list.

If the lists you use have not yet descended into corruption and chaos, consider yourself temporarily lucky.

Do not use DNS-RBLs.

5 Responses

  1. ugh Says:

    Gaaa! You are sponsoring a spam-friendly provider. It is only fair to hurt you.

  2. Boris Says:

    Not only is my ISP (Free) on several RBLs, but my own IP is blacklisted too (Free gave me a static IP 3 years ago).
    Reasons: massive virus spread. I suppose a friend came to my home with an infected laptop, and the virus spread as soon as the wifi connection was active. Anyway, it took me weeks to get my IP removed from RBLs.

    So, I agree: RBLs are evil.

  3. Paul Jakma Says:

    I use a lot of blacklists, but I agree with you – they should (generally) not be used to drop email (at least not anymore).

    We have better tools now than we did before, Bayesian filters particularly. Blacklists should, by and large, be used merely as inputs to those classification tools, rather than be allowed by themselves to quash email.

  4. Arne Says:

    I 100% agree that blacklists are just annoying yet worthless junk.

    There are lists that run some tests on your mail server and if they find a theoretical security issue: BAM – blacklisted. Not that you (the user) have any chance of fixing it. If you complain, you get the stupid answer: “Well, go to your ISP so he fixes this bloody thing that jams our internet.”

    What really puzzles me: The only mail filter I tried that used these blacklists was SpamAssassin (forced to since Evolution unfortunately relies on that). The results are worthless at best – or worse since (as you know) there are many false positives. I think that random() would generate better results than SpamAssassin. So the RBLs do not even work well enough – why on earth use them for anything?

  5. Chris Parker Says:

    Parkinson’s Law:

    “work expands so as to fill the time available for its completion.”

    If you create the perfect efficient system, it will only stay that way for so long until someone figures out how to complicate that system again. Of course, this beautiful complexity that arises out of efficiency keeps a good deal of us employed.