I find this *really* annoying

Derek Martin invalid at pizzashack.org
Thu Apr 7 15:15:01 EDT 2005


On Thu, Apr 07, 2005 at 02:04:46PM -0400, Paul Lussier wrote:
> Why is SORBS a good thing?  Oh, right, because though I've had the
> same IP address for over a year, I *might* not have it tomorrow, and
> preventing the majority of well-intentioned folks from legitimately
> sending mail from one MX to another will drastically cut down on the
> amount of spam being sent, since this reduces the number of IP
> addresses a malicious spammer could use.

You're not going to ge a lot of love around here for complaining about
being blacklisted by SORBS.  You'll probably get a few responses
saying that if you want to run your own mail service, you should be
forced to pony up an arbitrary amount of extra cash for business-class
service with a permanent static IP.  And if you don't want to pay all
that extra cash, because you don't need the SLA and extra services
that comes with it, that's tough noogies for you.   Many spam haters
feel that spam should be blocked at all cost, regardless of who gets
trampled in the process.  So you loose.

But I'm with you man.  I hate spam as much as anyone but I think SORBS
is totally bogus.  It doesn't truly solve the problem, and innocent
people are damaged in the process.  Spammers have money, and have no
problem paying for their own static IPs.  The vast majority of
home-user-originated spam is coming from compromised Windows systems
that aren't running a legitimate mail service in any sense of the
word.  You wanna protect against that?  Fine... do it by checking that
the machine in question isn't registered in DNS as a bonifide e-mail
server for the sender domain.  If it is, and if it's abused, go ahead
and block that domain.  Do it by having outgoing mail servers
cryptographically sign messages with keys registered in DNS, and
reject mail if the signatures don't match, or if the domain is known
to mass mail spam.  But DON'T do it by blocking everyone in the known
world who wants to run their own legitimate, non-spam-generating mail
service on a reasonably-priced home connection.  That's just wrong,
and totally unnecessary, and only partially effective.

People will no doubt make the argmuemnt that most of the service
providers have TOS agreements that prohibit servers, and as such those
mail services aren't legitimate.  But TOS agreements are between the
service provider and the customer, and as such ARE NO ONE ELSE'S
BUSINESS, PERIOD.  These agreements  exist so that if one party
(usually the consumer, who has limited resources and virtually no
negotiating power in today's commercial markets thanks to the
prevalence of near-monopoly power) does something that causes the
other party (the service provider) grief, the agreement can be
terminated and/or other restitution can be demanded. If the service
provider tolerates a customer running services, it must be because the
customer isn't using the service in a way that is causing any grief.

The argument can (and should) be made that one should not be forced to
accept mail from anyone they don't want to.  That's certainly true.
But I agree with the many spam experts who say that using black hole
lists as any sort of be-all-end-all in deciding to accept a given
piece of e-mail is ill advised...  If used at all, RBLs should be used
as a PIECE of the decision-making process, but NOT the sole decision
factor.  Otherwise, you're much more likely to be blocking legitimate
mail.  And today you have been a victim of that in action.

-- 
Derek D. Martin    http://www.pizzashack.org/   GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address.  Replying to it will result in
undeliverable mail.  Sorry for the inconvenience.  Thank the spammers.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://mail.gnhlug.org/mailman/private/gnhlug-discuss/attachments/20050407/69e50004/attachment.bin


More information about the gnhlug-discuss mailing list