?

Log in

No account? Create an account
Ramblings Journals I Read Calendar The Dirt MegaZone's Waste of Time Older Older Newer Newer
I've always thought email spam blacklists were stupid ideas... - MegaZone's Safety Valve
The Ramblings of a Damaged Mind
zonereyrie
zonereyrie
I've always thought email spam blacklists were stupid ideas...
I've always thought that using blacklists to null route spam was a really, really dumb idea. Using them to score email - fine. Using them to delete email sight unseen - you should be fired unless it is your private server and no one else needs it. Especially because of the reputation many of the lists have - SPEWS in particular was one I would always hear shit about. Easy to get listed, even on flimsy evidence, hard to be delisted. And there is a lot of 'religion' involved - people running the lists seem to believe they're on a holy crusade and the cause of stopping spam justifies all the collateral damage. For that matter, they're ALL ABOUT collateral damage. Just like terrorists (yes, I am using that deliberately and not just off-handedly) they go for area effect, harming innocent users to use them to pressure and shame the ISPs into doing something about what is usually just one user. And often the spammers are hit and run anyway.

So, anyway, SPEWS/Osirusoft is shutting down - apparently due to lawsuits, DDoS attacks on their servers, etc. OK, fine, so Joe Jared is taking his ball and going home. That's his right.

But as one last act of pissing in the pool, he didn't just turn off the blacklist - he blacklisted THE WORLD! No, not the ISP, the entire net! 0.0.0.0/0! EVERY MAIL SERVER ON THE NET! One big "FUCK YOU ALL!" on the way out the door. Why is this is problem? Because a lot of admins had, stupidly IMHO, configured their servers to automatically obey the SPEWS list and black hole all email from the listed servers. So any server using the list thusly started refusing ALL email. Additionally, SpamAssassin, an application used by many, can be configured to blindly use the SPEWS list. Or it can be used to score email. Well, everyone using SpamAssassin with SPEWS was hit by this as well.

This should be a wake up call for mail admins, and users of filter software, don't blindly obey blacklists. You're handing over control of your server to someone who may have the ethics of, I don't know... someone who is willing to trash email net wide. I can't really think of a good comparison. As far as I'm concerned, this is *worse* than what the average spammer does.

I am: dumbfounded
Current Media: The Sisters of Mercy - Lucretia My Reflection

2 STDOUT || STDIN
Comments
azurelunatic From: azurelunatic Date: August 27th, 2003 02:43 pm (UTC) (Direct Link)
Having never heard of SPEWS before, I immediately thought of S.P.E.W. from Harry Potter...
From: iwascaite Date: August 27th, 2003 06:41 pm (UTC) (Direct Link)
Telling the truth, I have absolutely no idea whether my filtering is affected by this. I did take several precautions when setting up the filtering. I only filter email that is sent to a public address or that is misaddressed somehow. No big loss there. The rest the email boxes I can handle personally. There were some difficulties before I managed to get size restrictions in place (I spit on the designers of qmail.)

And, er, um, if it had been me taking my ball and going home? Damn straight I would have done the same thing. Serves everyone right. Anyone who was stupid enough to dump email on one person's say-so deserves what they got. It would be the final lesson. [I am the embodiment of evil, naturally.]

And by the way, issues like this are the reason you hire professional computer scientists, not people who read Web Design For Idiots. What you want is someone who can analyze the drawbacks to a situation and minimize the negative impacts before they occur.
2 STDOUT || STDIN