Zombie Spam Blacklists Return From The Dead To Make A Point
from the if-your-mail-isn't-getting-through... dept
I have to admit that I don't follow the "spam" world as closely as I used to, but I remember back around 2003, one of the hot topics was whether or not the various spam blacklists went too far at times. The anti-spam fighters behind those lists would often take a rather... inclusive attitude to putting IP addresses and address ranges into their lists, and plenty of giant ISPs relied on the judgment of those spam fighters by simply plugging in their lists. This often resulted in significant collateral damage, as perfectly legitimate emails would get blocked as coming from a "spam IP." Of course, those lists needed to change frequently, but at times, they would just suddenly disappear. That last link was about a popular anti-spam blacklist from Osirusoft that was shut down -- with its owners changing the settings to include all addresses. The idea was to make it clear to ISPs who didn't pay attention, to stop using the list, but in the meantime, think of all the damage?It looks like that same sort of thing may be happening six years later. Michael Scott points us to the news of another long-abandoned blackhole list, called blackholes.us, that was abandoned a couple years ago -- but which some ISPs still rely on. However, whoever now controls the nameservers where blackholes.us used to be, apparently decided to set up a new "list" that (again) includes the entire range of IP addresses -- so every query is returned as being a spammer IP.
Again, the idea is to force ISPs to stop using that blacklist -- and perhaps you can make the argument that (unlike the Osirusoft situation) these ISPs have had two years to stop relying on the "zombie" blacklist, but it still seems unwise to create so much collateral damage, just to force the issue.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: blackholes.us, blacklist, spam
Reader Comments
Subscribe: RSS
View by: Time | Thread
Disagree.
[ link to this | view in thread ]
I've seen both sides of this
The other side of this is I administer a members-only listserv which sometimes gets flagged as spam by various ISPs. Everyone on this list has to personally send me an email and I verify them to be a dues-paying member of a professional organization. Roadrunner is the latest SPAM Nazi to blacklist the ISP serving the list and their support people have no clue why. It left the members using that ISP no access to the list until they moved to Gmail or just left. For many of the older members, Gmail is to much for them to fathom (really, I'm not kidding).
I'm all for spam block lists, but I warn members to avoid ISPs that act unilaterally by denying stuff rather than just categorizing emails and putting them in a SPAM folder. Comcast and Hotmail also do weird things but they seem to be transient mistakes rather than anything permanent. And I still report spam to SPAMCOP.
[ link to this | view in thread ]
[ link to this | view in thread ]
I don't get it
[ link to this | view in thread ]
Re: I don't get it
New owners were sick of getting hit with the constant traffic, so decided to make the ISPs wake up.
Perfectly acceptable to me, so long as they tried to contact the ISPs first.
[ link to this | view in thread ]
Re: I don't get it
[ link to this | view in thread ]
There's much more here than meets the eye
More to the point, there exists a BCP document for DNSBLs that covers what to do in the case of DNSBL shutdown. Please see: "Guidelines for Management of DNSBLs for Email" which may be found at http://tools.ietf.org/html/draft-irtf-asrg-bcp-blacklists-05.
Unfortunately, in this particular case, the procedure outlined in that document won't work because the new holders of the address space don't have control over DNS for the old domain. Alternate solutions are being pursued, and it appears that Chris Lewis (one of the authors of that document and one of the handful of people who's been working in the anti-spam arena as long as I have) is aware of it and in communication with those folks, so I have some hope that a reasonable course should be followed.
Incidentally, the terribly misguided suggestion (upthread) that mail should be quarantined "in a spam folder" or equivalent should be ignored. It's a very bad idea and quite amateurish to use any kind of quarantine: all mail should either be accepted or rejected outright during the SMTP conversation. I've explained why at considerable length on the "mailop" list (see the archives) but the gist is that quarantines create far more problems than they solve, some of which are non-obvious.
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: I don't get it
[ link to this | view in thread ]
Not buying
[ link to this | view in thread ]
Re:
I've always enjoyed watching people get thumped with large sticks ^_^
[ link to this | view in thread ]
Re: Disagree.
[ link to this | view in thread ]
Strange series of events
http://dilbert.com/strips/comic/2009-10-20/
[ link to this | view in thread ]
Re: Not buying
This matter has been discussed extensively in Usenet's news.admin.net-abuse.email, where a considerable number of further details are available. I would suggest that anyone considering a solution read the relevant articles in full before advancing their suggestion, as any number have already been put forth and summarily shown to be unworkable.
[ link to this | view in thread ]
Small correction
[ link to this | view in thread ]
Re: There's much more here than meets the eye
When you make a spam filter that is perfect, go ahead and reject all the spam. Until then, if the two choices are putting everything in my inbox or sending suspected spam to a spam box, I'll take the latter, thanks. Fortunately, mail providers are free to offer that service, and users are free to take it or leave it.
[ link to this | view in thread ]
Re: Re: There's much more here than meets the eye
There is a 3rd option - Put everything into the Inbox BUT flag the suspected spam so the user can see that you feel the message is spam. IOW: Any message that would be directed to the spam folder is still sent to the inbox but altered to show it would have been directed to the spam folder.
[ link to this | view in thread ]
Re: Re: There's much more here than meets the eye
I direct your attention to the archives of the "mailop" list, where several people (including me) have contributed our expertise to the discussion.
[ link to this | view in thread ]
About quarantines and that "mailop" list
I'm certainly willing to believe quarantines are not ideal, maybe even bad, e.g. while searching for your name +quarantines etc. I found your argument WRT to plishing (users are very bad at detecting it, and I'll admit that only extreme paranoia plus the low hit rate problem (I have only two bank accounts or credit cards) has steered me clear), but "very bad"?
I've always used systems with quarantines and/or suspicion marking and a pure "spam or not?" system would never satisfy me. Either too much genuine traffic gets scored as spam or too little (and I prefer the quarantine approach myself).
[ link to this | view in thread ]