From: David Schwartz [mailto:email@example.com]
Sent: Wednesday, May 23, 2001 7:10 PM
Roeland Meyer wrote:
> I don't need to check because I have a piece of confirmed spam
> from them. A
> smoking gun. That's the way MAPS RBL has been working for years.
> That is the
> way I expect it to continue to work. The main reason that I
posted to this
> thread is that some of the posts lead me to believe
otherwise. They were
I think you're missing the big picture. If you receive
a single piece of
spam from a site, that's not automatically grounds to block
the site. That's
a recipe for maximizing collateral damage.
So the receipt of a spam from a site is the beginning
of the process, not
Actually, I simplified the process. I agree with you 100% here. I don't have
the time for such an investigation therefore I use MAPS RBL.
> > Absolutely. Probe the machine that is of concern, not
> > whole blocks randomly.
> Also, only block the proven spam-host. No one else.
That's a more complex judgment. In most cases, I agree
that this is
appropriate, but I can think of (and have personally
witnessed) more extreme
circumstances. I've seen ISPs who say, "no, we like to spam
and we will spam
in the future". In those extreme cases, I'll block their
space from reaching my mail servers until their policy changes.
Another reason to use MAPS RBL.
> > No, its open-relay status is not irrelevant. If you
> > know a site is an open
> > relay, however you know this, and you want to block open
> > relays (which I do)
> > and it's my right to block open relays, then I will block
> > them. How I find
> > out they're an open relay is another story. The usual way is
> > you probe a
> > site when it becomes an actual problem.
> I submit that if you have a piece of spam, from a site, and
> them, why do you need to probe them?
Well, if you're blocking them because they're an open
relay and they say
they've fixed the problem, it's certainly reasonable to probe
them to decide
whether you should begin allowing mail from them. Or do you think it's
better to block them indefinitely just so that you don't 'trespass' by
I'm actually not advocating blocking all open relays. I am advocating
blocking all spammers, whether they have open relays or not. There are
actually open relays that a spammer can never use, because the open relay
site uses MAPS RBL. The are collateral damage, with ORBS. Show me how such a
site can be used by a MAPS RBL'd spammer. BTW, yet another reason to use
> > 3) Do you think it's unreasonable to block known open
> > relays as a
> > protection against future spam.
> Absolutely not. Our entire Norte Americano culture is biased
> AGAINST apriori
The following is a real good example of why I don't like argument by
analogy. Your analogy is broken. Let's deal with the issue directly. We
actually seem to be on the same side here or not very far apart.