What are your thoughts on.....

In article ,
Peter Duniho wrote:

You have no clue about what you're talking about. [...]

I don't know why you've decided to elevate this straight to "flamewar".
I agree that the fallout from spam (false positives especially) is
reaching unacceptable levels. Don't be so quick to condemn those who
have been burned by insufficient filtering who have resorted to stronger
measures. Just because you don't need them (on the scale of your own
personal inbox) doesn't mean they're useless.

There is plenty of collateral
damage from IP blocking, but the cause of those blocks is usually ISP
supported spam.

Baloney. I receive practically no email from anyone using an ISP that
supports spam.

How would you even know? And besides, I said "collateral damage". I'm
including the case where small ISPs have IP blocks that are near known
spammers and overzealous blackhole list admins hit them too.

Do you really believe that Ben or his ISP at rrcnet.org have blocked the
optonline.net domain as a spamming network legitimately?

That's a loaded question, you just spent the rest of your message ranting
about how the blocks are never legitimate. The server in question is
listed on 4 out of 31 blackhole lists at the moment. The policies of
at least a few of those require that actual spam come from the actual
server to one of their traps. I wouldn't use them at blacklists because
I find their policies too extreme. But then again I only process tens of
thousands of junk email messages a day, probably a few orders of magnitude
below a medium sized ISP.

--
Ben Jackson

http://www.ben.com/

Peter Duniho wrote:

You have no clue about what you're talking about. The reason that I had my
ISP disable the black-hole list was that domains such as aol.com,
comcast.com, and cox.net were being blocked. These are all "respectable"
ISPs who take a no-tolerance stance toward their users sending spam.

All three of those ARE spammers and are all very unresponsive in getting
their customers to clean up... Comcast is the worst of the bunch,
followed by Cox, and AOL is much better than it used to be... Every spam
or virus received from them, if forwarded back with a complaint and
the reason for it...

Baloney. I receive practically no email from anyone using an ISP that
supports spam. I doubt I know ANYONE who uses an ISP that supports spam.
And yet email sent to me was getting blocked on a regular basis, because
those spam-intolerant ISPs that my friends and family do use were still
getting blocked.

I guess you don't get any of those "419" money scams then...

Do you really believe that Ben or his ISP at rrcnet.org have blocked the
optonline.net domain as a spamming network legitimately?

I kneaux I have...

"Peter Duniho" wrote in message
The same tool, by the way, was blocking another friend's email because he
was running his own email server behind a dynamic IP address. Yet another
inappropriately blocked, perfectly legitimate source of email.

No it is not inappropriate or legitimate. Your friend is an idiot and
should have known that running a mail server under a dynamic address
(probably by using a DNS service) is one of the surest ways of getting on a
blacklist or ten.

Anyone with rudimentary knowledge of mail servers should know this or know
ways of getting around it.

He shold pay the extra bucks for a static address like other "legitmate"
mail servers. If not, well, you get what you pay for.

Baloney. I receive practically no email from anyone using an ISP that
supports spam. I doubt I know ANYONE who uses an ISP that supports spam.

Hate to break it to you, Pete, but your own ISP is a fairly well-known
spammer. "They" don't actually spam, but they are a friendly host to
spammers. They are known to ignore spam complaints and not take appropriate
action on abuse reports. A quick Google on the NANAE Usenet group will
reveal all.

They are not alone, of course. Cox cable was blacklisted by many for the
longest time. Verizon, AOL, Level3, Roadrunner, Yahoo and many other very
well known and popular ISPs have been listed on the major blacklists at one
time or another. "Unfair" blacklists the only way to get these big
providers attention sometimes.

Do you really believe that Ben or his ISP at rrcnet.org have blocked the
optonline.net domain as a spamming network legitimately?

Why wouldn't they? When I (or my customers) get desperate enough, I will
also make use of a half dozen well known blacklists. Yeah, you might miss a
few legitimate emails but the alternative is a flooded mailbox and bandwidth
problems. It's a desperate measure and one that you do not adopt with
haste. But when all else fails and your small customer doesn't want to pay
the big bucks for decent filtering, you make do.

--
Jim Fisher

"Peter Duniho" wrote in message
...

Why you replied by email, I don't know. However, as far as the blocked
domain goes, it's likely he has nothing to do with that.


I had info which I did not want to broadcast publicly but which I felt might
be directly useful to the poster of the question.

In article , Peter Duniho wrote:
My ISP provides this kind of "service", and once I found out what was going
on, I told them to disable it for my email. I don't get any more spam than
I used to, and I don't have friends and family complaining that they can't
send me email anymore.

Lucky you. I get around 120 emails a day - on average, 118 are spam.

SpamAssassin 2.60 does a much better job at filtering the spam than I
can do by hand. Filtering by hand is prone to false positives too. I've
also employed the SBL-XBL (a realtime listing of compromised machines,
as well as those owned by the worst spam-gangs) to reject as much as the
obvious spam as possible.

There is no legitimate reason why a *.client.comcast.net address should
be emailing me - anyone on cable/DSL etc. should send their mail through
their ISP's smart host (which are NOT blocked by the SBL-XBL).
--
Dylan Smith, Castletown, Isle of Man
Flying: http://www.dylansmith.net
Frontier Elite Universe: http://www.alioth.net
"Maintain thine airspeed, lest the ground come up and smite thee"

"Dylan Smith" wrote in message
...
Lucky you. I get around 120 emails a day - on average, 118 are spam.

You only get two pieces of email a day that aren't spam? Why do you even
bother? You don't have any reason to even use the Internet for mail, as
near as I can tell. I don't see what your anomalous situation has to do
with this sub-thread though.

SpamAssassin 2.60 does a much better job at filtering the spam than I
can do by hand.

It sure does. Like I said, SpamAssassin already filters out everything that
might have been blocked by the black-hole list my ISP was using.

[...]
There is no legitimate reason why a *.client.comcast.net address should
be emailing me - anyone on cable/DSL etc. should send their mail through
their ISP's smart host (which are NOT blocked by the SBL-XBL).

You, like several other people, are not bothering to read what I wrote.

In only ONE instance is the blocked email coming from a friend's own mail
server. All of the other blocked email messages WERE sent through their
ISP's mail server and they ARE blocked by the black-hole list service.

I don't know why this is so hard for you guys to grasp. You keep claiming
that the service isn't doing what I say that it does do. I know what it
does, I spent a huge amount of time learning about it (when the bounces
first started happening, I didn't have any idea why), and I know for a fact
that it is blocking perfectly legitimate email for absolutely no good
reason.

The whole concept is paternalistic crap. It punishes ISPs, especially the
largest ones (since they have the most exposure), even if they are doing
their best to keep spam off of their networks, and causes no end of
headaches for legitimate users.

Spam filtering is well and good but any proper solution will NEVER EVER
block legitimate email. One single false positive is simply unacceptable.
It is better to accept more false negatives instead.

Pete

In article , Peter Duniho wrote:
snip: only 2 legitimate emails a day/why email?
I only get a couple of phone calls a day. I still have a phone.
Difference is my phone doesn't get spammed. Even on days where I get ten
or eleven legitimate emails, having to pick them out from over 100 spam
emails is not feasable so filtering has to be employed.

I don't know why this is so hard for you guys to grasp. You keep claiming
that the service isn't doing what I say that it does do. I know what it
does, I spent a huge amount of time learning about it (when the bounces
first started happening, I didn't have any idea why), and I know for a fact
that it is blocking perfectly legitimate email for absolutely no good
reason.

No, I'm not. I don't make any claims as to what your ISP does. My
article was about a particular approach with RBLs, and that was to use a
combination of the SBL-XBL and SpamAssassin. The former does not block
ISPs smart hosts. The SBL-XBL is one of the more conservative RBLs -
it's not SPEWS.

The whole concept is paternalistic crap. It punishes ISPs, especially the
largest ones (since they have the most exposure)

The SBL-XBL doesn't list any of the large ISP's smarthosts. AOL et al.
get delivered fine. AOL is also doing useful things like putting SPF
(http://spf.pobox.com) records in their DNS zones so I can tell if mail
claiming to be from AOL really is from AOL before I accept it (a lot of
spam comes with forged AOL headers. SpamAssassin can score against
forged headers).

Spam filtering is well and good but any proper solution will NEVER EVER
block legitimate email. One single false positive is simply unacceptable.

This is impossible. If you get a lot of spam, even filtering by hand still
gets false positives - either that or you spend several hours a day
making doubly sure you're not going to hand-filter ham as spam, in which
case email becomes cost-ineffective. I know that before SA/SBL-XBL I
accidentally deleted emails because they looked to me like spam.

To be honest, I wouldn't consider email a reliable method of
communication thanks to the spammers. Things like SPF will help as it
will mean we can tell if From: headers are forged from the get-go, but
unless ISPs get more agressive about stopping the spam problem (giving
users firewalled access by default instead of anything goes - definitely
blocking outbound port 25, rate limiting their smart hosts so
residential users are limited on how many emails they can send per day
etc.) it's only going to get worse.

--
Dylan Smith, Castletown, Isle of Man
Flying: http://www.dylansmith.net
Frontier Elite Universe: http://www.alioth.net
"Maintain thine airspeed, lest the ground come up and smite thee"

In article , Dylan Smith
wrote:

There is no legitimate reason why a *.client.comcast.net address should
be emailing me - anyone on cable/DSL etc. should send their mail through
their ISP's smart host (which are NOT blocked by the SBL-XBL).

"no legitimate reason"? huh?

--
Bob Noel

In article , Bob Noel
wrote:
In article , Dylan Smith
wrote:

There is no legitimate reason why a *.client.comcast.net address should
be emailing me - anyone on cable/DSL etc. should send their mail through
their ISP's smart host (which are NOT blocked by the SBL-XBL).

"no legitimate reason"? huh?

If you want to run servers at home, get a proper business account
instead of using a consumer account. Or get a virtual private server
somewhere (they aren't expensive, especially when you consider the
electricity costs of leaving a server-class machine on 24x7) The amount of
legitimate email vs Windows worms and spam I get from dynamic IP ranges
is so tiny that it doesn't even register as noise. During the Swen
outbreak, I was getting a couple of Swen emails per minute. Frankly, I'm
fed up with it. Use your ISP's smarthost or if you really insist on
running your own mailserver, pony up for a business account, or get a
VPS and run your own SMTP server there.

Still, I use the SBL-XBL because it doesn't just indiscriminately block
all ranges, just the ones that are particular problems.

I also reject any email with a Windows executable at the DATA stage.

--
Dylan Smith, Castletown, Isle of Man
Flying: http://www.dylansmith.net
Frontier Elite Universe: http://www.alioth.net
"Maintain thine airspeed, lest the ground come up and smite thee"

Peter Gottlieb wrote:

My domain is optonline.net, which is a major cable internet ISP. If you
block optonline.net then you stop email from millions of legitimate
addresses.

I block CableVision as well, too much spam from the 167.206.x.x IP range...

Nobodies complained about it... g