Spam Challenge-Response system

Corey Edwards tensai at zmonkey.org
Thu Apr 9 16:11:01 MDT 2009


On Thu, 2009-04-09 at 15:53 -0600, Michael Torrie wrote:
> Brandon Stout wrote:
> >> We should make some penalty for those that spam us. We should create a log of 
> >> our most sent spammer IP's or something and post their email addresses on the 
> >> internet...... Too bad most of the spam IP's are just open relays... :(
> > 
> > That's already been done.  They are called RBLs.
> > 
> > http://www.spamhaus.org/
> 
> And they are nightmare to get off of if you ever find yourself on the
> list, either because of a misconfiguration (some lists have more than
> just relaying hosts in them), or because of a mistake on someone else's
> part.  I'm not convinced that RBLs are effective anyway.

Depends on the RBL. Some, like Spamhaus, are rather good and I find
they'll eliminate a huge chunk of spam. I've seen a few times where
users were listed in CBL, which is included in Spamhaus, but the CBL is
a very simple list. You get on by sending to a spam trap, you get off by
clicking on a link. The cases I can think of were all times when a user
got infected with a spam bot and was appropriately added.

OTOH there are medicore RBLs like SpamCop and SORBS. They do a passable
job but often make mistakes. Getting yourself off their list, whether
listed their correctly or not (I've been on both sides of that coin) is
generally a PITA.

And then there's the absolutely horrible ones like UCEPROTECT and SFDB
which seem like they're in a race to blacklist the whole internet. That
strategy *will* rid you of spam, but I don't recommend it.

If you do use blacklists, make sure you keep up to date on them. Often
they'll go offline with or without warning. Some like DSBL just stop
publishing DNS which slows down your server. There was one, can't recall
its name off hand, which decided to start handing out a positive
response to every query. Didn't affect my servers, but I had the
pleasure of assisting some customers clean that up.

My $0.02 is to use Spamhaus and greylisting together. I've never had a
problem with Spamhaus and since I enabled greylisting on my personal
server I get maybe 2-3 emails a week that even hit my content filter
(Spam Assassin). Of those I get maybe 1 a month that slip by.

Corey

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
Url : http://plug.org/pipermail/plug/attachments/20090409/e2f2f95d/attachment.bin 


More information about the PLUG mailing list