public blacklists

Scot L. Harris webid at cfl.rr.com
Wed Dec 8 19:13:11 UTC 2004


On Wed, 2004-12-08 at 13:03, David Cary Hart wrote:

> This was a fairly lengthy treatise. The bottom line is that: 
> 
> 1. Any delay in receiving any email may be costly.

This is a matter of educating users IMHO.  Email is not guaranteed to be
delivered even without greylisting, there are many things outside the
sender's and recipient's control that can prevent email from getting where
it should.  Any processes built around email should account for that. 
And any really important email being sent should be followed up by a
phone call or possibly sent via fax or some other method which does have
guaranteed delivery.  

Of course your particular environment may be dictating this reason.  If
so how do you guarantee timely delivery of all email?

> 2. The same result can be achieved with other methods that do NOT cause
> a delay with far less maintenance time associated with whitelisting. 

I would be very interested in these other methods.  Seriously!  

I believe the newest version of sendmail has implemented a delay feature
which effectively blocks the vast majority of zombies as they tend to
just push handshake as fast as they can.  But what other methods are
available that are as effective as greylisting?  

I have also found the maintenance for greylisting to be minimal.

> 3. Ultimately, much (if not most) spam is the result of user behaviors.
> Those can be successfully modified to stop spam at the source.

Other than starting with a new email address and telling people not to
share it with anyone how do you modify a user's behavior to prevent spam?

A lot of the spam I have seen is sent to randomly guessed accounts in
the domain of the email server.  Bad stuff if you have a catchall
address.  :)  

Have also seen accounts used that have been deactivated for many years. 
They just keep using the same mailing list to send spam.

Once an email address leaks out there is no way to reclaim it spam
free.  Several years ago I wondered what all the fuss was about spam. 
My home email account rarely if ever has any spam sent to it.  Then a
couple of years ago it started coming in waves.  Found out that my ISP
had lost control of mail server (can we say hacked?) and it was after
that point that the spam started coming through by the hundreds.

> 4. Spam engines are already being engineered around the scheme.

Well have not seen any significant increase in spam since implementing
greylisting.  I was also worried that this would be a short term thumb
in the dike.  But so far it has held up quite well for over a year now. 
I expect it to be effective for some time to come.  Of course if/when the
zombies are re-written to get around this you combine greylisting with
some of the realtime block lists.  The idea is that when you first see
the message you greylist it.  By the time they come back around you
check the block lists and you will probably find them on one of those so
you reject the message completely.  Of course you would need to use a 15
to 30 minute delay in that case but then this would be for initial
contacts and unsolicited email.  You would have all your known
correspondents in your whitelist. :)


-- 
Scot L. Harris
webid at cfl.rr.com

Nothing is ever a total loss; it can always serve as a bad example. 
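
The combined scheme described in the message above (greylist the first contact, check block lists when the sender retries, whitelist known correspondents), sketched as an added example that is not part of the original post. The class name, the injected `is_blocklisted` lookup and the sample addresses are assumptions made for illustration; a real deployment would back the lookup with DNSBL queries.

```python
import time

GREYLIST_DELAY = 15 * 60  # seconds; the message suggests 15 to 30 minutes


class GreylistPolicy:
    """Greylist first contacts, then consult block lists on the retry."""

    def __init__(self, whitelist, is_blocklisted, delay=GREYLIST_DELAY):
        # Assumption: the whitelist holds sender addresses of known correspondents.
        self.whitelist = {a.lower() for a in whitelist}
        self.is_blocklisted = is_blocklisted  # callable(ip) -> bool (hypothetical hook)
        self.delay = delay
        self.first_seen = {}  # (ip, sender, recipient) -> time of first attempt
        self.passed = set()   # triplets that already survived greylisting

    def check(self, ip, sender, recipient, now=None):
        """Return an SMTP-style (code, text) reply for one delivery attempt."""
        now = time.time() if now is None else now
        if sender.lower() in self.whitelist:
            return (250, "whitelisted correspondent")
        triplet = (ip, sender.lower(), recipient.lower())
        if triplet in self.passed:
            return (250, "known triplet")
        first = self.first_seen.setdefault(triplet, now)
        if now - first < self.delay:
            return (451, "greylisted, try again later")
        # The sender retried after the delay, so the block lists have had
        # time to list the source. Check them before accepting.
        if self.is_blocklisted(ip):
            del self.first_seen[triplet]
            return (554, "rejected, source is on a block list")
        self.passed.add(triplet)
        return (250, "accepted after greylisting")


def demo():
    """Replay constructed attempts; addresses are documentation ranges."""
    listed = set()  # constructed stand-in for a realtime block list
    policy = GreylistPolicy({"friend@example.org"}, lambda ip: ip in listed)
    t0 = 1_000_000
    zombie = ("198.51.100.7", "offer@example.com", "me@example.net")
    replies = [
        policy.check("192.0.2.10", "friend@example.org", "me@example.net", t0),
        policy.check(*zombie, now=t0),        # first contact: deferred
        policy.check(*zombie, now=t0 + 60),   # retried too early: deferred
    ]
    listed.add(zombie[0])                     # source gets listed during the delay
    replies.append(policy.check(*zombie, now=t0 + 20 * 60))
    return [code for code, _ in replies]
```
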



