The spammers are winning (was RE: [TriLUG] Port 25 blocked)

Rick DeNatale rick at denhaven2.homeip.net
Tue May 18 19:38:47 EDT 2004


On Tue, 2004-05-18 at 15:21 -0400, Jason S. Evans wrote:
> Gmail was also having a lot of trouble with Yahoo Groups, but after
> "learning" for a couple of weeks, that finally got fixed.

I'm not sure I follow you. In the case of RBLs (Spamcop in particular
and probably others) there's no learning; it goes something like this:

A1) Someone reports an IP address as a source of spam, so Spamcop
blackholes it for some period of time.
A2) If more folks report the same IP address the penalty box period gets
extended.
A3) Yahoo sends someone an email via a server which has been reported in
step 1.
A4) The recipient's ISP checks the Spamcop list, finds the server and
hard bounces it.
A5) Yahoo sees that mail to the recipient is bouncing and suspends
sending mail to that recipient.
A6) Yahoo periodically tries to get a re-validation email through to
said recipient.
A7) Eventually #6 gets through because either the Yahoo server got out
of the penalty box, or used a different server which wasn't in the
penalty box.
A8) User (me) checks Yahoo's bounce history and realizes that #1 has
occurred.

Now the problem with all this is:

B1) Spamcop warns ISPs against using spamcop in the manner of step A4,
however many ISPs (including some of the largest) disregard this warning
and see a reduced load on their servers because they are THROWING MAIL
AWAY. Then they can't be convinced that this is a bad thing. They think
that they are successfully blocking lots of "spam" while getting few
complaints from their users.  Now the problem with this analysis is that
most users don't even know they didn't get all their mail since the ISP
is THROWING MAIL AWAY.  If they used the RBL as an INDICATOR that an
e-mail might be spam, and marked it thus, then of course they'd see more
load on their servers. Note that other spam tools like SpamAssassin can
be configured to use such RBLs but only as one of several symptoms of a
message being spam.

B2) As evidenced by the large amount of email which makes it through the
gauntlet thrown up by my ISP, but which gets caught by my local
SpamAssassin filtering, A4 is not very efficient in actually removing
spam from the stream.

B3) The senders, like Yahoo, don't see it as their problem; if you
approach them about it (if you can even find them), they'll just tell
you to talk to your ISP. See B1.

B4) The net result is that the internet is starting to get balkanized.


> On Tue, 18 May 2004 13:38:52 -0400, Rick DeNatale
> <rick at denhaven2.homeip.net> wrote:
> > 
> > So far, my ISP still allows port 25, which is good because they also use
> > draconian "spam" filtering on incoming mail to their servers.  For
> > example:
> > 
> > * Mail from Yahoo groups which goes to my ISP account frequently stops
> > because it is using a server which is on the Spamcop RBL.
> > 
> > * I'm continually running into mailing lists which are also on one of
> > the RBLs which my ISP uses to trash incoming mails.  This prevents my
> > getting the confirmation e-mail when I try to sign up. IIRC I had this
> > problem with this mailing list, as well as several of the sourceforge
> > lists.
> > 
> > I tried real hard to convince my ISP that throwing away email on this
> > basis wasn't a good idea, but failed. That's why I set up a local mail
> > server.  I just hope that they keep port 25 open.
> >
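
Added example, not part of the original post: a sketch contrasting the hard-bounce use of an RBL (step A4) with the "indicator" use described in B1, where a listing is only one of several symptoms. The zone name, listed relays, weights, threshold and content scores are constructed assumptions, and the DNS lookup is stubbed with a local set so the example runs offline.

```python
import ipaddress

ZONE = "dnsbl.example"  # hypothetical blocklist zone, not a real service
# Constructed listings; a real check would be a DNS A query for the name.
LISTED = {"2.2.0.192.dnsbl.example", "9.113.0.203.dnsbl.example"}

# Constructed messages: relay IP plus a score from content-based tests.
MESSAGES = {
    "list-confirmation": {"relay_ip": "192.0.2.2", "content_score": 0.3},
    "spam-new-relay": {"relay_ip": "198.51.100.7", "content_score": 6.5},
    "spam-listed-relay": {"relay_ip": "203.0.113.9", "content_score": 4.0},
}

def dnsbl_qname(ip, zone=ZONE):
    """DNSBL query name: the IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def is_listed(ip, lookup=lambda qname: qname in LISTED):
    """True if the relay is listed (lookup is the stubbed resolver)."""
    return lookup(dnsbl_qname(ip))

def hard_reject_policy(msg):
    """Step A4: a listing alone is enough to bounce the message."""
    return "reject" if is_listed(msg["relay_ip"]) else "deliver"

def scoring_policy(msg, rbl_weight=2.0, threshold=5.0):
    """B1's alternative: the listing adds to a score; mail is tagged, not dropped."""
    score = msg["content_score"]
    if is_listed(msg["relay_ip"]):
        score += rbl_weight  # assumed weight, one symptom among several
    return "tag-as-spam" if score >= threshold else "deliver"

def compare(messages=MESSAGES):
    """Return {name: (hard_reject_result, scoring_result)}."""
    return {name: (hard_reject_policy(m), scoring_policy(m))
            for name, m in messages.items()}

if __name__ == "__main__":
    for name, (hard, scored) in compare().items():
        print(f"{name:20s} hard={hard:8s} scoring={scored}")
```

The list confirmation from a listed relay is lost under the hard-bounce policy but delivered under scoring, while the spam from an unlisted relay passes the hard-bounce check and is only caught by the content score, matching B1 and B2.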



