SORBS Contact

  > so would you consider as it is my network, that I should
  > not be allowed to impose these 'draconian' methods and
  > perhaps I shouldn't be allowed to censor traffic to and
  > from my networks?

If you want to run a network off in the corner by yourself this is
fine. If you have agreed to participate in the Internet you have an
obligation to deliver your traffic.

don't let some third party you have no relation to determine the 'fate' of
your email/messages? with all blacklists you run the same risk, someone
else now controls the fate of your 'service'. Unless you have some very
large hammer to beat them with it's going to cause you pain eventually,
when they decide that ${PROVIDER} is 'gone black' or whatever they call it
these days... or they just fat finger some entry.

-Chris

So with all this talk of Blacklists... does anyone have any suggestions
that would be helpful to curb the onslaught of email, without being an
adminidictator?

Right now, the ONLY list we are using is that which is provided through
spamcop. They seem to have a list that is dynamic and only blacklists
during periods of high reports, then takes them off the list after a
short time...

Or am I just a little naive?

Robert Hantson
Network Operations Director
QBOS, Inc - Dallas Texas
www.qbos.com

  > So with all this talk of Blacklists... does anyone have any suggestions
  > that would be helpful to curb the onslaught of email, without being an
  > adminidictator?
  >
  > Right now, the ONLY list we are using is that which is provided through
  > spamcop. They seem to have a list that is dynamic and only blacklists
  > during periods of high reports, then takes them off the list after a
  > short time...
  >
  > Or am I just a little naive?

reference comment below about 'hammer to beat with' ... spamcop you
aren't paying for that 'service' right? So what happens when someone
reports someone you do business with? or messes up a report that affects
someone you do business with? "Oops! dropped your email due to a
thirdparty we let 'moderate' our email, sorry!"

you COULD monitor deliveries to unused addresses in your domain and
blacklist based on that... but that's a little dicey at times as well :(

There are simple solutions to this. They do work in spite of the
moanings of the few who have been mistakenly blocked. In the meantime
my patience with email "lost" in the sea of spam not blocked by
blacklists, etc. is growing thin.

I'm gonna hold up the "I call bullshit" card here. Recipients most certainly *can* get it wrong.

Things I've seen "reported as spam":

  - An autoresponse from "abuse@DOMAIN" telling the user that the e-mail they had JUST sent to abuse@DOMAIN had been accepted and was being fed to a human being for processing

  - Receipts for online purchases the user legitimately made

... and numerous other things just like this that, whether the user wants to call it "spam" or not, certainly is not "spam".

So yes, I would have to -- as much as it pains me in my heart of hearts -- agree with the Hotmail representative in your example. Users can and will get it wrong at the very least some small percentage of the time.

Cheers,
D

Fairly naive. Spamcop blacklists a lot of IP addresses that send
a lot of email that isn't spam. And some that send zero spam, by
any sane definition.

That doesn't mean to say it doesn't work for you, but don't mistake
a list that'll block a mailserver for a week on the basis of one or
two unsubstantiated reports as _safe_ solely because it will only
block it for a week.

Depending on your demographics SpamCop may have an acceptable
false positive level, but it's not a list I advise most users to use as it
regularly lists sources of large amounts of non-spam (such as, for
example, mailservers used solely for closed-loop opt-in email).
Despite that, though, it's quite effective if you're prepared to accept
the false positive rate.

You may want to look at the CBL or XBL if you're interested in a
very effective IP based blacklist with a very low level of false
positives. Not zero, but really pretty low.

Pretty much all the others have levels of false positives that are
bad enough that I wouldn't use them myself, though depending
on the demographics of your recipients they may be acceptable
to you. Using them to block mail to all recipients is likely to be
problematic in most cases. Some recipients who choose to use
it? Sure. As part of a scoring system? Perhaps. Blocking across
all users? Probably a bad idea in most cases.

Cheers,
   Steve

  > There are simple solutions to this. They do work in spite of
  > the moanings of the few who have been mistakenly blocked.

So it is OK so long as we only defame a few people and potentially
ruin their lives?

  > In the meantime my patience with email "lost" in the sea of
  > spam not blocked by blacklists, etc. is growing thin.

Hmm. Let me think a minute. Nope not buying it. I have already
given two simple solutions that don't involve potentially dropping job
offers, wedding invitations, letters from old sweethearts, and other
such irreplaceable email. Certainly it is impossible to guarantee all
mail gets delivered. But to intentionally make it worse by
deliberately deleting other people's email is arrogant and immoral.

On the other side what do we have for those falsely defamed? I
suppose we could psychically contact them to tell them their mail was
deleted. Certainly email won't be reliable enough after these guys
are done with it.

If they worked for the post office these guys would be in jail.

In the way you describe it any spam filter is bad any spam filter
manufacturer should go to jail...

  > I'm gonna hold up the "I call bullshit" card here. Recipients
  > most certainly *can* get it wrong.

Sorry I wasn't very clear. The results in the hotmail example were
where the users said it wasn't spam but hotmail insisted it was. It
is possible for a user to identify non-spam as spam. But if a user
says it isn't spam then it isn't no matter how much it might look like
it might be. I have had this happened to me personally. Some of my
fellow admins at the time insisted some of my incoming mail was spam.
As it happened the mail (offering some telephone products) was
specifically requested.

Allan Poindexter wrote:

  > so would you consider as it is my network, that I should
  > not be allowed to impose these 'draconian' methods and
  > perhaps I shouldn't be allowed to censor traffic to and
  > from my networks?

If you want to run a network off in the corner by yourself this is
fine. If you have agreed to participate in the Internet you have an
obligation to deliver your traffic.
  

That's a very "interesting" statement. Here's my response, I'll deliver your traffic if it is not abusive if you deliver my non-abusive traffic. My definition of 'abusive' is applied to what I will let cross my border (either direction) - I expect you will want to do the same with the traffic you define as abusive, and I expect you to and support your right to do that.

There are simple solutions to this. They do work in spite of the
moanings of the hand wringers. In the meantime my patience with email
"lost" silently due to blacklists, etc. is growing thin.
  

Anyone using SORBS as I have intended and provided (and documented) will/should not silently discard mail.

If anyone asks how to silently discard mail I actively and vigorously discourage the practice.* In fact because I disagree with that even in the case of virus infected mail I patched my postfix servers to virus scan inline so virus infected mail can be rejected at the SMTP transaction. RFC2821 is clear when you have issued an ok response to the endofdata command you accept responsibility for the delivery of that message and that should not fail or be lost through trivial or avoidable reasons - I consider virus detection and spam as trivial reasons - if you can't detect a reason for rejection at the SMTP transaction, deliver the mail.

Regards,

Mat

* except in extreme/unusual circumstances - for example, there are 2 email addresses that if they send mail *to* me, they will get routed to /dev/null regardless of content.

  > There are simple solutions to this. They do work in spite of
  > the moanings of the few who have been mistakenly blocked.

So it is OK so long as we only defame a few people and potentially
ruin their lives?

That's quite a stretch there, bub. "Defame" means that it is somehow
misrepresented as true, factual information. Publicly accessible (and
non-mandatory) blacklists are opinions, not portrayed as fact by any
stretch of the imagination.

  > In the meantime my patience with email "lost" in the sea of
  > spam not blocked by blacklists, etc. is growing thin.

Hmm. Let me think a minute. Nope not buying it.

If your inbound mail isn't at least 30% spam (or blocked spam
attempts) these days, then you haven't been using the Internet long
enough. I have better things to do than pass that 30% of mail
traffic. The spam can FOAD as far as I care, and if there is a
problem of a mistake with something improperly blocked, it is fixable
(and takes a lot less maintenance time than dealing with the spam
tsunami).

Sorry, but those of us who have actually done this sort of thing for a
living for a while know quite well why not every network can implement
bayes-ish "Report Spam" button schemes (which are inaccurate anyhow,
as you've pointed out), nor simply present all actual spam to the
users (who would be flooded with well more than 30% in some cases --
there are in-use mailboxes on systems I've managed that would be above
99% spam if the spew weren't blocked at the gate).

It's either lack of industry experience on your part, or you're yet
another troll for a "list renter" or bulker -- which is it? Based on
earlier statements of yours, I would give you the benefit of the doubt
and assume the former. However, you just had to pull out the "defame"
word in a completely invalid grammatical and legal context, so I'm
starting to hedge bets on the latter.

  > In the way you describe it any spam filter is bad any spam
  > filter manufacturer should go to jail...

Manufacturer? No. It is perfectly permissible for a recipient to run
a filter over his own mail if he wishes.

Jail? Not what I said. I said postal workers couldn't get away with
this behavior. The laws governing email are different. BUT:

    They aren't as different as is generally believed. Go read the
    ECPA sometime.

    Being legal isn't the same thing as being moral. The world would
    be a better place if people started worrying about doing what is
    right rather than only avoiding what will get them in jail.

If I seem testy about this it is because I am. A friend of mine with
cancer died recently. I learned later she sent me email before she
died. It did not reach me because some arrogant fool thought he knew
better than me what I wanted to read. And it isn't the first time or
the only sender with which I have had this problem. I have had plenty
of users with the same complaint as well.

I have in the past considered this antispam stuff "ill advised" or
"something I oppose". Expect me to fight it tooth and nail from now
on.

Sorry I wasn't very clear. The results in the hotmail example were
where the users said it wasn't spam but hotmail insisted it was. It
is possible for a user to identify non-spam as spam. But if a user
says it isn't spam then it isn't no matter how much it might look like
it might be.

Phishing spam leaps immediately to mind as a counterexample; the fact that
the user mistakes it for legit mail is exactly the problem.

hit "D" now, i've been trolled.

apoindex@aoc.nrao.edu (Allan Poindexter) writes:

... I have one email address that has:

...

In short it should be one of the worst hit addresses there is. All I
have to do to make it manageable is run spamassassin over it.

may the wind always be at your back. my troubles are different than yours,
and i hope i can count on your support if i feel compelled to take more drastic
measures than you're taking. especially since one of my troubles is about a
moral issue having to do with mutual benefit. if an isp's business success
depends on them using access granted under an implied mutual benefit covenant
and they decide to operate in a sole benefit manner, they can't expect me to
continue to accept their traffic or their customer's traffic. simpler put,
i won't run spamassassin to figure out what might or might not be spam after
i receive it -- i'll just reject everything they send me.

just because i think the linux kernel people are insane when they illegalize
binary or proprietary kernel modules, doesn't mean i'm ready to live in a
world where anyone on the internet can shift their costs to me with impunity.

but i respect your right to treat your inbox as you see fit. can you say the
same about me and my rights and my inbox, mr. poindexter?

That is the mildest of several measures I could use to fix the "spam
problem". If it became truly impossible I could always fall back to
requiring an address of the form "apoindex+<password>" and blocking all
the ones that don't match the password(s). That would definitely fix
the problem and doesn't require any pie in the sky re-architecting of the
entire Internet to accomplish.

if you wish to accept those costs, i hope no one opposes you. but i'm not
willing to live that way, and i hope you won't try to force me to?

For almost a decade now I have listened to the antispam kooks say that
spam is going to be this vast tidal wave that will engulf us all.

that would be me, and it has.

Well it hasn't. It doesn't show any sign that it ever will. In the
meantime in order to fix something that is at most an annoyance people
in some places have instigated draconian measures that make some mail
impossible to deliver at all or *even in some cases to know it wasn't
delivered*. The antispam kooks are starting to make snail mail look
good. It's pathetic.

that paragraph seems to be semantically equal to "shut up and eat your spam"
so i hope i'm misinterpreting you. otherwise, it's your word, "pathetic".

The functionality of my email is still almost completely intact. The
only time it isn't is when some antispam kook somewhere decides he
knows better than me what I want to read. Spam is a manageable problem
without the self appointed censors. Get over it and move on.

damn. i've been trolled. sorry everybody.

> In the way you describe it any spam filter is bad any spam
> filter manufacturer should go to jail...

Manufacturer? No. It is perfectly permissible for a recipient to run
a filter over his own mail if he wishes.

An RBL is in fact kind-of like spam filter manufacturer or more precisely
RBL operator is like spam filter manufacturer. I've not heard of antispam
product manufacturer ever being in court because of spam classification
problems with their product; in fact I've not even seen successful case brought against Microsoft and we do all know how much spam comes through because of deficiencies in their product...

In any case I think what you have a problem with is not RBL lists or anti-spam filtering but situation where lists and filters are used without your knowledge and approval by your ISP[*] to filter your mail.
My suggestion to you is to either have your own domain and run your
own filtering system or to choose an ISP that provides you with
capabilities to control their spam filter, for example by way of
using SIEVE scripts.

[*] I do want to point out though that if domain is owned by ISP
they can decide what rules to set for their users. Any email address
you get within that domain is not really "yours" but basically you're
"licensed" to use that address as long as you pay your service fees
and agree to policies and rules of the ISP (and license is in fact
correct term because often enough company would have a trademark on
their name and so when you use email address with such a name you
need their permission, i.e. a license).

I have in the past considered this antispam stuff "ill advised" or
"something I oppose". Expect me to fight it tooth and nail from
now on.

You need to understand first who to fight.

This is also why I took the time to create:

    <http://www.ietf.org/internet-drafts/draft-msullivan-dnsop-generic-naming-schemes-00.txt>

The reason I do not like RDNS naming scheme is because it forces
one particular policy as part of the name. This is absolutely not expendable and incorrect architecture as RDNS is general concept
for use with any number and types of protocols. What needs to be
done is that policy record is associated with an address or name
itself. The record can be a policy for specific protocol or maybe
a general records that can support policies for multiple protocols.

My preference is that you lookup RDNS name and they do additional lookup when you do need a policy information (this can for example
be done with SPF record). Others have advocated putting policy
record as TXT directly in IN-ADDR zone which is ok as well though
I think PTR name is better because it allows to collect related
names together and list with one policy (kind of like common
static name schemes in fact).

The idea being a common but extensible naming scheme for organisations
want to specify generic/generated records rather than go to the hassle of creating individual records for each customer/host.

If you generate a record you might as well generate some other record
to go along with it, not that difficult.

There is one very key point to make in this,
use of *any* RBL is up to individual networks, no one makes anyone use
them, and those that do must know and accept all risks involved when
dealing with DUL's, SORBS operates a zone 'just for vernom' as well,
just like spamcop and njabl and others, but if a network like many I can
name want to use the full coverage , that is up to us, we know the risks
and believe it does more good, EVERYTHING will have collateral damage
and we know and accept that.

[...] This is also why I took the time to create:

http://www.ietf.org/internet-drafts/draft-msullivan-dnsop-generic-naming-schemes-00.txt

Why is this information being encoded into the regular PTR records that already have another purpose, thus reducing its usefulness? It seems the only purpose is as a bandaid over dumb SORBS policy.

Create a new SPF-like record if you want *additional* information in DNS. Don't clobber an existing service.

There are things in the works that will enable the most complained about aspects of SORBS to be fixed and to go away permanently... The only thing that is delaying it is developer time... So I will say this publicly - those that want to see drastic changes @ SORBS that are, or have access to a perl coder with SQL knowledge, and is able to spend 20-40 hours of pure coding time writing a user interface for user permissions & roles in Perl contact me off list as the user interface is the only thing that is holding up moving to the beta stage of the SORBS2 database.

I have the skills and time, but zero inclination to support SORBS. In fact, I think I'll hack my mostly-default SpamAssassin configuration to ignore SORBS. Grepping mailboxes for the SA tag suggests that SORBS makes no difference in detecting spam, and it tags a number of legitimate correspondents, including, it appears, Spamcop at 204.15.82.27. (I'm going by the tags SA added to the message since I can't get past the CAPTCHA on your website to query that address.)

Blacklisting competitors is a low and dirty trick.

I'm not picking on William here; his message was just the last I saw
in this thread which has gotten way out of hand.

I have not discussed this thread with my fellow list admin team
members either, though we can do that...

But it would make our (the list admin team's) lives easier, as well as
the lives of everyone else who reads nanog@, if people would REFRAIN
FROM REPLYING to this thread and take it to a forum that specializes
in generating bits by flaming about RBLs.

Thank you in advance for your forbearance,

                                        ---Rob (member of nanog-admin, the
                                               nanog@nanog.org list admin team)