Re: OT: fighting rbl's

Aleksandar Milivojevic wrote:
> Anyhow, in my personal experience, using RBL lists for detecting dial-up pools for the purpose of blind blocking is a very bad idea. Those lists are impossible to make accurate. It is trivial to find examples of dial-up pools not listed in those lists,

I am not aware of any list that claims to list *all* dial-up pools. Refusing mail from the dial-up pools of large ISPs is very effective at reducing spam. However, greylisting probably works better for these cases (generally trojanned Windows boxes that are open proxies rather than open relays that will retry).


> and to find static ranges that are incorrectly listed (mostly small companies that own a small number of IP addresses; larger companies that own at least an entire C class are usually spared).

Having reverse DNS with a non-generic-looking name is also a good way of demonstrating that the IPs are static rather than dynamic.


> Dial-up pool RBL lists have too many false positives and false negatives to be useful on their own.

The false positives are usually hobbyist Linux users that know how to work around the problem though.


> The reason is that ISP can use IP ranges it owns however it wants (which is perfectly OK, nothing wrong with it). ISP has no obligations to inform anybody what IP ranges it uses for dial-up pools, and what ranges it uses for customers who pay extra for static IP (this is perfectly OK too). It can move entire C class from dial-up pool to static customers without informing anybody, and it can do the other way around too. Said that, I am not aware of a single ISP that will publish such information, and some ISPs will not give you that information even if you ask for it.

Last week, over on SPAM-L, an Israeli ISP listed their dynamic IP range and *requested* that everyone block it until they could get their outgoing port 25 block in place.


AOL's dynamic ranges are available to see at http://postmaster.info.aol.com/servers/dialup.html

Most of the entries in the MAPS DUL are provided by the ISPs themselves.

> Said that, the only place where a dial-up RBL list is of any use is score-based anti-spam tools (such as SpamAssassin). If you assign a small score, it will not block emails by itself, but it will contribute to the big picture. Add AWL to the mix, and dial-up RBL lists become actually useful. For anything else, *do not* use them. You'll end up blocking legitimate email. Such as emails from the OP.

*Any* list can be prone to blocking legitimate mail. Some more so than others. It's up to each mail admin how they want to trade off their false positives/false negatives/processing time per message. I score the SORBS DUL list highly on my spam filter and it works for me.


As the OP actually has a static IP, the real solution for that should be to get the incorrect listings fixed, rather than stopping using dynamic IP lists altogether.

Paul.
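
The trade-off discussed in this thread (a dial-up list hit as one small score among several, plus a check for generic-looking reverse DNS), as an added example that is not part of the original message. The zone `dul.example.org`, the weights, the threshold and the keyword list are assumptions, and DNS lookups are replaced by constructed results so it runs offline.

```python
import ipaddress
import re

# Hypothetical weights and threshold, in the style of a score-based filter.
DUL_SCORE = 1.0           # small contribution for a dial-up list hit
GENERIC_RDNS_SCORE = 0.5  # PTR name looks provider-generated
NO_RDNS_SCORE = 1.0       # no PTR record at all
REJECT_THRESHOLD = 5.0

# Assumed keyword list for pool-style host names.
POOL_WORDS = {"dyn", "dynamic", "dial", "dialup", "dsl", "adsl",
              "ppp", "pool", "dhcp", "cable"}


def dnsbl_query_name(ip, zone):
    """Name a DNSBL client looks up: IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def rdns_looks_generic(ip, ptr_name):
    """True if the PTR name embeds the address or contains a pool keyword."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    tokens = [t for t in re.split(r"[^a-z0-9]+", ptr_name.lower()) if t]
    # Provider-generated names usually carry at least the last two octets.
    embeds_ip = all(o in tokens for o in octets[2:])
    return embeds_ip or any(t in POOL_WORDS for t in tokens)


def score_client(ip, ptr_name, listed_in_dul, content_score):
    """Add the network-level hints to the score from content checks."""
    score = content_score
    if listed_in_dul:
        score += DUL_SCORE
    if ptr_name is None:
        score += NO_RDNS_SCORE
    elif rdns_looks_generic(ip, ptr_name):
        score += GENERIC_RDNS_SCORE
    return score


def verdict(score):
    return "reject" if score >= REJECT_THRESHOLD else "accept"


if __name__ == "__main__":
    # Constructed cases: a mislisted static host, then a pool host sending spam.
    print(dnsbl_query_name("192.0.2.17", "dul.example.org"))
    print(verdict(score_client("192.0.2.17", "mail.example.org", True, 0.5)))
    print(verdict(score_client("192.0.2.17", "adsl-192-0-2-17.dyn.example.net", True, 4.0)))
```

A blind block would have refused the first case on the list hit alone; with scoring, the list hit only tips a message that content checks already rated as borderline.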

