Best of the ISP-Lists

General

Examining the Black Hole

Members of the ISP-Webhosting list discuss the ever-thorny problem of blocking spam and dispute—mostly politely—the relative merits of the various solutions.

[February 27, 2003]

After apologizing for repeating a question that had been asked before, IL asked the ISP-Webhosting list:

"Are there any new RBL lists about there? Which ones do you use and find blocks the most e-mail? Which ones overlap and are redundant?"

There were many different anti-spam solutions in use.

[RP said] "I use the ORDB RBL and that's it, but I also use SpamAssassin with the ORDB."

[TU suggested] "The SBL and Spamcop are fairly conservative, and generally have a low casualty rate. Never use SPEWS. You'll lose a lot of legitimate mail. They've blacklisted large portions of IP space."

[IL said] "Here's what I use currently:

proxies.relays.monkeys.com
relays.ordb.org
blackholes.wirehub.net
dynablock.wirehub.net
relays.visi.com
orbs.dorkslayers.com
socks.relays.osirusoft.com
relays.osirusoft.com
bl.spamcop.net

Any comments? I am going to call AOL now because some dialup users are trying many unknown users on our severs. I wonder why."

[JK replied] "That's a dictionary attack. It happens about a zillion times a day. So if you actually get someone on the phone from AOL who cares, or who can, will, and does do something about it. Then let us all know who you talked to and what their number is!"

Respondents began objecting to previous recommendations.

[MA argued] "I disagree on SPEWS. I think it's a worthy tool. What I really need is a great white listing tool. If you get a negative response from a user, you need to take the time needed and work closely with SPEWS."

[AS complained] "I have to disagree with the glowing recommendation of SpamCop. In my experience, SpamCop is impossible to work with. For example, a typical hosting client of ours, who also happens to have their mailserver accounts with us (as 99.9 percent of our webhosting clients do), receives a spam from who knows where (not via us nor another client of ours). He dutifully reports it to SpamCop, who decide in their infinite wisdom that it must be us who are the culprits because our mailserver appears in the headers! (Well, of course our mailserver is in the headers, because that client's e-mail goes through our mailserver, for goodness sake!).

This has happened so many times and with so many clients it is not funny. No response from SpamCop whenever we have raised the issue with them. This has been an issue for at least 2 years. I cannot support any glowing recommendations of SpamCop."

[DM suggested] "This URL might be helpful. "

[ed. note: The Web page reference does admit that there are bugs in the SpamCop algorithm, and notes that some (but not all) have been fixed.]

—End