MegaZone (zonereyrie) wrote,
MegaZone
zonereyrie

  • Mood:
  • Music:

I've always thought email spam blacklists were stupid ideas...

I've always thought that using blacklists to null route spam was a really, really dumb idea. Using them to score email - fine. Using them to delete email sight unseen - you should be fired unless it is your private server and no one else needs it. Especially because of the reputation many of the lists have - SPEWS in particular was one I would always hear shit about. Easy to get listed, even on flimsy evidence, hard to be delisted. And there is a lot of 'religion' involved - people running the lists seem to believe they're on a holy crusade and the cause of stopping spam justifies all the collateral damage. For that matter, they're ALL ABOUT collateral damage. Just like terrorists (yes, I am using that deliberately and not just off-handedly) they go for area effect, harming innocent users to use them to pressure and shame the ISPs into doing something about what is usually just one user. And often the spammers are hit and run anyway.

So, anyway, SPEWS/Osirusoft is shutting down - apparently due to lawsuits, DDoS attacks on their servers, etc. OK, fine, so Joe Jared is taking his ball and going home. That's his right.

But as one last act of pissing in the pool, he didn't just turn off the blacklist - he blacklisted THE WORLD! No, not the ISP, the entire net! 0.0.0.0/0! EVERY MAIL SERVER ON THE NET! One big "FUCK YOU ALL!" on the way out the door. Why is this is problem? Because a lot of admins had, stupidly IMHO, configured their servers to automatically obey the SPEWS list and black hole all email from the listed servers. So any server using the list thusly started refusing ALL email. Additionally, SpamAssassin, an application used by many, can be configured to blindly use the SPEWS list. Or it can be used to score email. Well, everyone using SpamAssassin with SPEWS was hit by this as well.

This should be a wake up call for mail admins, and users of filter software, don't blindly obey blacklists. You're handing over control of your server to someone who may have the ethics of, I don't know... someone who is willing to trash email net wide. I can't really think of a good comparison. As far as I'm concerned, this is *worse* than what the average spammer does.
Subscribe
  • Post a new comment

    Error

    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

  • 2 comments