[Spambayes] Beyond Spambayes

Coe, Bob rcoe at CambridgeMA.GOV
Thu Feb 23 22:06:23 CET 2006


Sorry, but I'm going to pour gasoline on this fire.

I dislike spam too, but the idea that we have to strike back with all the algorithmic force of the mathematical universe is just nuts. Spammers haven't figured out how to disable the "Delete" key, and when one uses said key, the spam message disappears without a trace. I can't speak for the other countries represented on this list (Australia, France, Germany, the UK, etc.), but here in the USA paper junk mail is a far larger problem than spam is. I get at least ten pounds of it a week, and it all has to be physically disposed of in an environmentally satisfactory manner. In my part of the country they won't even let us start bonfires and burn it. If someone could figure a way to stop paper junk mail (or get our mealy-mouthed politicians to do it), he would have performed a real public service. But I think we're already spending more than enough resources on anti-spam measures and that anyone so spam-averse that he thinks an even greater effort is justified should get a life.

Just my 2c worth.  ;^)

Bob

> -----Original Message-----
> From: spambayes-bounces at python.org 
> [mailto:spambayes-bounces at python.org] On Behalf Of 
> netsecurity at sound-by-design.com
> Sent: Thursday, February 23, 2006 5:28 AM
> To: spambayes at python.org
> Subject: Re: [Spambayes] Beyond Spambayes
> 
> 
> Frankly I am in agreement with Billy Y. I myself have gotten 
> black holed because someone on the same netblock sent a bunch 
> of spam. Getting off the list was impossible because I did 
> not control the netblock. It took over three months, and I 
> have a fixed IP!
> 
> Rather than disruptive RBLs, if we did deep packet inspection 
> to find the forged HELO and other headers and dumped them we 
> would be far ahead.
> 
> While I don't run my own mail server, a friend who does says 
> that a sendmail script finds all the forged headers and 
> reports them as probable spam. He swears it is a default 
> install so he doesn't know exactly what part of sendmail does 
> the trick.
> 
> Maybe someone with sendmail skills could see what is up with 
> it and incorporate it into the rest of SpamBayes as an 
> enhancement. If SpamBayes does it, then SpamAssassin will 
> copy it fairly soon. Since some hosting services are starting 
> to use SpamAssassin on their servers this would be good for all.
> 
> BTW, my hosting service uses SpamAssassin instead of 
> SpamBayes because of speed and server load. He says that he 
> ran tests and couldn't get the performance out of Python that 
> he needs to make it work well. Perhaps making a fast, light 
> CPU usage, runtime server version might be in order to investigate.
> 
> Thanks,
> 
> Allen
> 
> 
> sethg at GoodmanAssociates.com wrote:
> > On Wednesday, February 22, 2006 5:57 PM -0600, Bill Y wrote:
> > 
> > > >  From: "Seth Goodman" <sethg at GoodmanAssociates.com>
> > > >
> > > >  For the oddball dynamic IP from which you need to receive
> > > >  messages, add them to a whitelist.
> > >
> > > Therein lies the problem; a dynamic IP can't be whitelisted by IP 
> > > address, only by name.
> > 
> > If they are operating a mailer on a dynamic IP, they will hopefully have
> > a domain name.  It's an extra step, but you can configure your mailer to
> > do rDNS on the domain name to get the whitelist IP.  Another possibility
> > is whitelisting by HELO name.
> > 
> > 
> > > >  Some people hate DNSBL's because they or someone they know has at
> > > >  one time or another been falsely listed (i.e. one of their own
> > > >  users mistakenly reports them).  Or perhaps they were listed for
> > > >  cause and removed the spammer, but then had trouble getting
> > > >  delisted fast enough to suit them or had to pay a fine.  Despite
> > > >  what some detractors would have you believe, a well-run MTA
> > > >  rarely winds up on a DNSBL.
> > >
> > > BTDT.
> > >
> > > I *personally* have been blacklisted.  I know exactly what was on
> > > the wire that month... NOTHING.  I was across the country in Los
> > > Angeles doing a TV show for a month and a half and the hardware was
> > > powered down.  Nothing was whistling into the DSLAM at all.
> > >
> > > The reason (when I finally got in touch with the RBL admin) - "you
> > > are in a netblock that's assigned to home/SOHO DSL".
> > 
> > That's a policy decision for each DNSBL.  Some DNSBL's only list dynamic
> > IP's and some other DNSBL's include those lists.  Some DNSBL's list only
> > IP's that have recently sent spam while others list only open relays.
> > If using a DNSBL is part of your acceptance policy, it is very important
> > that you understand their listing and delisting criteria and be aware of
> > any other lists that they include.
> > 
> > A lot of people don't want mail from dynamic IP's, which is why some
> > DNSBL's list them.  Except for hobby systems, there are very few
> > legitimate mailers with dynamic IP's.  With today's epidemic of trojaned
> > Windows machines, rejecting connections from dynamic IP's is probably
> > the single best anti-spam measure you can take.  If you don't want to
> > reject mail from dynamic IP's, don't use a DNSBL that includes them.
> > 
> > 
> > > And this was a relatively *reputable* RBL, mind you, not one of
> > > those that once you are blacklisted (because someone didn't like
> > > you) you must contact them to be removed - except you must contact
> > > them from the blacklisted IP address -which- guess what- is blocked
> > > from delivering mail.
> > >
> > > Sorry, I hate dictatorships, and my personal experience has run to
> > > indicate that RBLs are self-appointed tinhats of the first water.
> > 
> > Very few people like dictatorships, except for the dictators :)  I
> > highly recommend that anyone who doesn't like DNSBL's for whatever
> > reason not use them.  Your mailer, your rules.  This is something that
> > reasonable people can disagree on.
> > 
> > I will point out that a lot of systems use them with good results, which
> > is why they continue to exist.  Some of them were run by people with
> > an axe to grind, and some probably still are.  Others did a good job
> > but were sued or DDoS'd out of existence by bad guys.  I think it is
> > very advisable for anyone who is considering using a particular DNSBL
> > to look at their policies and see if you agree with them.
> > 
> > 
> > <...>
> > 
> > > True.  But a three-phase commit would separate the pipeliners from
> > > the more legitimate types.
> > 
> > This would be a real improvement to SMTP, but it has a lot of inertia at
> > this point.
> > 
> > --
> > Seth Goodman
> > 
> > _______________________________________________
> > SpamBayes at python.org http://mail.python.org/mailman/listinfo/spambayes
> > Check the FAQ before asking: http://spambayes.sf.net/faq.html
> > 
> > 
> 
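
The acceptance policy discussed in the quoted thread (a name-based whitelist for known senders on dynamic IPs, consulted before any DNSBL), sketched as an added example that is not part of the original messages or of SpamBayes. The zone `dnsbl.example`, the host name, the addresses and the injected `fake_resolver` are constructed so the code runs offline; the query-name form (reversed octets plus zone, with an answer in 127.0.0.0/8 meaning "listed") is the usual DNSBL convention.

```python
import ipaddress

# Constructed sample data: documentation-range addresses and .example names only.
FAKE_DNS = {
    "mail.hobbyist.example": ["203.0.113.45"],      # whitelisted sender, current dynamic IP
    "45.113.0.203.dnsbl.example": ["127.0.0.10"],   # DNSBL entry for that same address
    "7.100.51.198.dnsbl.example": ["127.0.0.2"],    # DNSBL entry for another address
}

def fake_resolver(name):
    """Stand-in for an A-record lookup (assumption); returns [] for NXDOMAIN."""
    return FAKE_DNS.get(name.lower().rstrip("."), [])

def dnsbl_query_name(ip, zone):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def dnsbl_listed(ip, zone, resolve):
    """An address is listed when the query name resolves into 127.0.0.0/8."""
    loopback = ipaddress.ip_network("127.0.0.0/8")
    answers = resolve(dnsbl_query_name(ip, zone))
    return any(ipaddress.ip_address(a) in loopback for a in answers)

def whitelisted_by_name(ip, names, resolve):
    """Resolve each whitelisted name at connection time, so the entry keeps
    matching after the sender's dynamic address changes."""
    client = ipaddress.ip_address(ip)
    for name in names:
        if any(ipaddress.ip_address(a) == client for a in resolve(name)):
            return name
    return None

def decide(ip, whitelist_names, zones, resolve):
    """Return (verdict, reason); the whitelist is checked before any DNSBL."""
    name = whitelisted_by_name(ip, whitelist_names, resolve)
    if name:
        return ("accept", "whitelisted as " + name)
    for zone in zones:
        if dnsbl_listed(ip, zone, resolve):
            return ("reject", "listed in " + zone)
    return ("accept", "not listed")
```

The match is made on the connecting IP against what the whitelisted name resolves to, not on the name the client announces in HELO, since the client chooses that string itself.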

