[Spambayes] Beyond Spambayes

Seth Goodman sethg at GoodmanAssociates.com
Thu Feb 23 04:33:03 CET 2006

On Wednesday, February 22, 2006 5:57 PM -0600, Bill Y wrote:

> >  From: "Seth Goodman" <sethg at GoodmanAssociates.com>
> >
> >  For the oddball dynamic IP from which you need to receive
> >  messages, add them to a whitelist.
> Therein lies the problem; a dynamic IP can't be whitelisted by
> IP address, only by name.

If they are operating a mailer on a dynamic IP, they will hopefully have
a domain name.  It's an extra step, but you can configure your mailer to
do rDNS on the domain name to get the whitelist IP.  Another possibility
is whitelisting by HELO name.

> >  Some people hate DNSBL's because they or someone they know has at
> >  one time or another been falsely listed (i.e. one of their own
> >  users mistakenly reports them).  Or perhaps they were listed for
> >  cause and removed the spammer, but then had trouble getting
> >  delisted fast enough to suit them or had to pay a fine.  Despite
> >  what some detractors would have you believe, a well-run MTA rarely
> >  winds up on a DNSBL.
> I *personally* have been blacklisted.  I know exactly what was on the
> wire that month... NOTHING.  I was across the country in Los Angeles
> doing a TV show for a month and a half and the hardware was powered
> down.  Nothing was whistling into the DSLAM at all.
> The reason (when I finally got in touch with the RBL admin) - "you
> are in a netblock that's assigned to home/SOHO DSL".

That's a policy decision for each DNSBL.  Some DNSBL's only list dynamic
IP's and some other DNSBL's include those lists.  Some DNSBL's list only
IP's that have recently sent spam while others list only open relays.
If using a DNSBL is part of your acceptance policy, it is very important
that you understand their listing and delisting criteria and be aware of
any other lists that they include.

A lot of people don't want mail from dynamic IP's, which is why some
DNSBL's list them.  Except for hobby systems, there are very few
legitimate mailers with dynamic IP's.  With today's epidemic of trojaned
Windows machines, rejecting connections from dynamic IP's is probably
the single best anti-spam measure you can take.  If you don't want to
reject mail from dynamic IP's, don't use a DNSBL that includes them.

> And this was a relatively *reputable* RBL, mind you, not one of those
> that once you are blacklisted (because someone didn't like you) you
> must contact them to be removed - except you must contact them from
> the blacklisted IP address -which- guess what- is blocked from
> delivering mail.
> Sorry, I hate dictatorships, and my personal experience has run to
> indicate that RBLs are self-appointed tinhats of the first water.

Very few people like dictatorships, except for the dictators :)  I
highly recommend that anyone who doesn't like DNSBL's for whatever
reason not use them.  Your mailer, your rules.  This is something that
reasonable people can disagree on.

I will point out that a lot of systems use them with good results, which
is why they continue to exist.  Some of them were run by people with an
axe to grind, and some probably still are.  Others did a good job but
were sued or DDoS'd out of existence by bad guys.  I think it is very
advisable for anyone who is considering to use a particular DNSBL to
look at their policies and see if you agree with them.


> True.  But a three-phase commit would separate the pipeliners from
> the more legitimate types.

This would be a real improvement to SMTP, but it has a lot of inertia at
this point.

Seth Goodman

More information about the SpamBayes mailing list