[linux-elitists] Spam spam spam spam

Aaron Sherman ajs@ajs.com
Fri Feb 18 19:51:52 PST 2005


On Fri, 2005-02-18 at 22:26, Karsten M. Self wrote:

> > Damn. I was using Spamhaus specifically because they only listed people
> > who were known to originate spam (either because they were zombies (XBL)
> > or spam sources (SBL)). Either I was wrong, or they've changed their
> > policy to list groups punitively.
> 
> I believe you're misunderstanding how Spamhaus works.

No, I'm really not. At least not now. I may have misinterpreted their
information BEFORE, or they may have changed. That's hard to tell.

> The SBL itself *is* just known spam-source IPs.  SpamCop's DNSBL is
> similar.
> 
> However, in addition to this, Spamhaus provides *aggregate* level
> information on ISPs and KSOs, to provide useful information to those
> trying to address spam at a higher level.

If you're saying that the SBL is a combination of some internal data and
some external data, fine.... but it's still useless because they provide
no way (same resolved IP for both types of data) to differentiate.

If you are saying that this aggregate data is not in the SBL directly,
then either you're wrong, or their Web site is. Let me use Spamhaus's
own words (emphasis mine):

        http://www.spamhaus.org/sbl/sbl-rationale.html
        
        Listing Criteria
        
        The criteria for listing IPs **in the SBL** is:
        
                        Spam Sources
        Spammers sending bulk email
        verified to be unsolicited
        (spam) directly from static
        IPs under the spammer's
        control.
                          Spam Gangs
        Spam gangs listed in ROKSO -
        including preemptively
        listing new netblocks each
        time known spammers move to
        new hosts.
                       Spam Services
        Spammers' mail servers, web
        servers, DNS and other
        servers used in spamming.
                        Spam Support
                            Services
        Services providing
        'bullet-proof' hosting for
        spam service purposes,
        **serving 'spamware'
        sites**, or **knowingly
        providing services for spam
        service purposes**.

That is, you get listed in the SBL, even if you've never sent out spam,
because you provide support services or sell software related to spam.
Hell, by that logic, they could list staples.com after sending them a
"you sell office supplies to the following spammers" letter.

I'm looking to block spam coming to my doorstep, not tie a yellow ribbon
around my and my customers' MTAs.

> Suggest you read Spamhaus's specs _with_ comprehension.

Turns out I have... finally. That's what prompted my outrage, and
immediate removal of SBL from my mail server configs. Turns out there's
a nice honeypot network that, when combined with the XBL blocks just as
much UCE as XBL-SBL did without punitively listing "spam-related"
businesses.

> You're confusing Spamhaus with SPEWS.

Nope. I'm just reading their documentation. This being a mailing list,
I'm sure you didn't expect that ;-)

-- 
☎ 781-324-3772
✉ ajs@ajs.comhttp://www.ajs.com/~ajs




More information about the linux-elitists mailing list