[BlueOnyx:21404] Re: Solarspeed RBL blacklist

Chris Gebhardt - VIRTBIZ Internet cobaltfacts at virtbiz.com
Thu Sep 21 09:23:07 -05 2017 

Hi Michael,

This seems like an interesting proposal.   I can see some real benefits 
to cutting down on the junk email traffic.

We provide a pretty "soup to nuts" range of services here at VIRTBIZ, 
but probably the thing that takes more support resources than anything 
is email.  It's hard to go a day without hearing from a customer.  Do 
more filtering. You filter too much.  Email doesn't come fast enough. I 
forgot my password. Again.  Customer gets locked out for tripping a 
firewall rule.  The list goes on.

Given this, and coupled with how "fragile" the email experience can tend 
to be, I wanted to offer some words here (as I'm often given to do.) 
Please do not misinterpret my remarks.  I'm not anti-RBL.  Let's say 
that I'm more like pro-GOOD-RBL.

> After optimizing some existing SpamAssassin rules (and creating new
> ones) I managed to cut the leakage down a bit. However, I started to
> think about starting my own RBL and to tie that into SpamAssassin, which
> is fairly simple.

I've thought about doing something similar for years.  The management of 
the list is what has prevented me from doing so.   This has a lot to do 
with philosophy on how such a list ought to be managed, and I'll share 
mine for whatever it may be worth.

There are a lot of RBLs out there.  Just as a window into our side as a 
service provider, we continuously monitor a little upwards of 10,000 IP 
addresses across 112 RBLs.

There are the well-established and highly-organized lists such as 
Spamcop.net, SpamHaus, SORBS, UCE-Protect, Barracuda RBL and so forth. 
These lists often have (relatively) clear criteria for listing as well 
as a process for delisting.

Then there are others that will list an IP seemingly at their whim. In 
some cases you can make contact with the person/organization behind the 
list, and in others it is a complete black-hole.  The old APEWS/ASPEWS 
list comes to mind, although there are countless others. I call these 
"vigilante lists."

As an admin working to clean up a listing, it's hardly a mystery as to 
which sort of list I prefer working with.

As an admin working to keep inbound email as spam-free as possible, I 
can tell you that when I'm evaluating RBLs for use in scoring or 
rejection, I don't tend to trust the vigilantes.

While the very nature of SPAM prevention is, by necessity, somewhat 
"black box", there must also be some sort of "rule of law".  Why? 
Because at some point I will most likely have to answer to a customer 
when some email that they consider to be important gets blocked.  It's 
going to happen.  And when it does, I need to be able to point to a 
defensible reason better than "there's a guy that says another guy is a 
spammer."

In the best case I could say "The reason the email was rejected is 
because the sender is using a server on the XYZ blacklist.   Click this 
link that will show you the reason(s) for (possible) listing, the 
evidence they collected and instructions for that server administrator 
to follow."

And all that is the reason that I haven't gotten into the RBL business. 
There is a certain amount of responsibility that comes with publishing 
and managing an RBL that I have not yet been willing to contemplate.

Of course, a lot of that could be handily remedied with a few webpages 
describing the list.  If it could include some automation (ie: lookup 
why your IP was listed, what the evidence is against it, petition for an 
automated or moderated de-listing) that would really make it a top-notch 
offering.  I've not (as of yet) been willing to make the investment in 
time that would require.

This isn't meant to throw cold water on a great idea.  I offer this as a 
bit of perspective from the service provider end of things.   I think 
the list is a very compelling idea with a lot of potential.   Your plan 
is to offer a list and let individual admins decide for themselves if 
they want to use it or not, and each admin will have their own decision 
making process.  I think that's great.  AV-Spam offers a lot of powerful 
options, and the best combination of those options will tend to vary on 
a case-by-case basis.

Humbly submitted...

-- 
Chris Gebhardt
VIRTBIZ Internet Services
Access, Web Hosting, Colocation, Dedicated
www.virtbiz.com | toll-free (866) 4 VIRTBIZ

More information about the Blueonyx mailing list