Next message: Andreas Winkelmann: "Re: maildrop: signal 0x0B"
Covington, Chris wrote:
> RBLs were most effective at a time when most spam was received directly
> from a trojanned PC, or from an open relay, and the RBLs were intended to
> be used for a complete REJECT on their listing basis alone. Nowadays
> RBLs are losing more value when you consider that more and more ISPs are
> forcing their users to relay through the ISPs' smarthosts and/or using
> SPF / Caller ID.
Think a few conditional statements are missing here and there in your
sentence.
What is measured now is that the amount of spam emitted in direct-to-MX
from trojaned machines (PCs or webservers doesn't make much difference)
is still overwhelming the amount of spam relayed through in some other way.
> I suppose a thoughtful RBL would carefully avoid
> listing ISPs' smarthosts, but it seems many RBLs are auto-fed without any
> provisions for this problem.
Sure. But the choice about which DNSBLs are good enough for blocking is
a duty of the administrator of the SMTP server, not of the DNSBL admin...
One expects that "Administrator" or "root" are not just words that make
people feel important...
> It could also be RBLs' intended usage has changed & we as users have
> missed the flag day to now use them in a different, more complex &
> CPU-intensive way IE - give RBLs specific value in our UCE systems
> (especially avoiding pure SMTP REJECTs on the basis of a single RBL).
It could be, but maybe we all must think and decide which is our target.
Do we want to "stop to *see* spam"?
Or do we want to "stop spam"?
When a machine is listed by a DNSBL like XBL (and/or one of its
components) it is because the machine with that IP (or the network
NATted by it) has serious security problems.
Seeing his mail (or his customer) rejected due to this brings the
administrator to know of them, and -sometimes, sadly- fix'em.
What is going to happen when we all start ignoring these issues and
*just* think about our mailboxes?
