Re: [Exim] RBL Problem

Author: Nico Erfurth
Date:  
To: Alan J. Flavell
CC: Exim users list
Subject: Re: [Exim] RBL Problem
Alan J. Flavell wrote:

>>You really shouldn't use the spamcop blacklist, please check this link:
>>http://www.fastmail.fm/users/jhoward/spamcop.html
>
> Without starting a discussion on the detailed contents of that page, I
> at least agree with you to the extent that one should not block mail
> on the basis of the spamcop list alone.


But many people do so, and that's a real problem. Maybe more people
should look for HOW the BL works, before blindly using it.

> However, it's useful to block on the basis of a site being listed in
> both Spamcop and one or more[1] of the technical open relay/proxy
> blacklists, even if you wouldn't block on the basis of one or other
> alone. This is a pretty good indication that a site is not only
> capable of being misused as a spam relay, but is in fact being used as
> such.


The way spamcop SHOULD work would be ok, but it needs much more tuning
before it can really be used in production use. And, IMHO, combining
spamcop with another RBL is pointless, because the goals are different.

Spamcop tries to block a spam sender as soon as possible, to stop them
from sending spam, but they depend only on the mail's headers (and some
mysterious spamtraps). Julian tries to do a good job, but IMHO he
currently fails :-/

> [1] your choice, really, from (subsets of) relays.monkeys.com,
> relays.ordb.org, relays.osirusoft.com, maybe dynablock.wirehub.net
> etc.
>
> This of course is meant in addition to any blacklists you might be
> using as complete blocks (such as indeed MAPS if you subscribe to it).


All the common open relay blocklists can be used independently of each
other, they block servers for misconfiguration/security flaws. The admin
is able to fix the problem, and delist his/her server. With spamcop, the
admin can just sit and wait for the delisting.

>>For real spam-protection, you should use a tool like
>>SpamAssassin/bogofilter/razor. These tools analyze the message itself,
>>not only the server where the mail came from.
>
> Content-based filters can be useful for a great deal of stuff, indeed,
> but increasingly some spammers are evidently learning how to disguise
> their content so that content-based filters rate it as harmless normal
> mail.


I know, I stated this in a mail last week, but currently they work well.

Fighting spam is an endless fight, the only real thing you can do is
shutting down the server ;)

As an example, some months ago sender verification was VERY helpful, in
the last weeks it's becoming more and more useless, because spammers
start to use real addresses to send out spam (Joe Jobs).

Or they are looking for "new common" misconfigurations, like the
AUTH-problem with exim.

Sadly we can only react, not act :-/

Nico
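
The combined-listing policy from the quoted text above (reject only when a host is in Spamcop and in at least one open relay list), as an added example that is not part of the original thread or of Exim. The zone `bl.spamcop.net`, the function names, and the resolver table of 192.0.2.x documentation addresses are assumptions constructed for the illustration; the two relay zones are the ones named in the thread.

```python
import ipaddress

SPAMCOP_ZONE = "bl.spamcop.net"  # assumption: zone name is not given in the thread
RELAY_ZONES = ("relays.ordb.org", "relays.osirusoft.com")  # named in the thread
LISTED_RANGE = ipaddress.IPv4Network("127.0.0.0/8")

def dnsbl_query_name(ip, zone):
    """DNSBL lookup name: the IPv4 octets reversed, followed by the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def is_listed(ip, zone, resolve):
    """Listed only if an A record in 127.0.0.0/8 comes back.

    Any other answer (for example a wildcard from a parked or abandoned
    zone) is ignored instead of being treated as a listing.
    """
    answers = resolve(dnsbl_query_name(ip, zone))
    return any(ipaddress.IPv4Address(a) in LISTED_RANGE for a in answers)

def decide(ip, resolve):
    """Return (verdict, zones that list the host)."""
    in_spamcop = is_listed(ip, SPAMCOP_ZONE, resolve)
    relay_hits = [z for z in RELAY_ZONES if is_listed(ip, z, resolve)]
    hits = ([SPAMCOP_ZONE] if in_spamcop else []) + relay_hits
    # Neither kind of list blocks on its own; both must agree.
    verdict = "reject" if in_spamcop and relay_hits else "accept"
    return verdict, hits

# Constructed sample data standing in for DNS answers (no network access).
SAMPLE_ZONE_DATA = {
    "10.2.0.192.bl.spamcop.net": ["127.0.0.2"],
    "10.2.0.192.relays.ordb.org": ["127.0.0.2"],
    "20.2.0.192.bl.spamcop.net": ["127.0.0.2"],
    "30.2.0.192.relays.osirusoft.com": ["127.0.0.2"],
    "40.2.0.192.bl.spamcop.net": ["127.0.0.2"],
    "40.2.0.192.relays.ordb.org": ["203.0.113.5"],  # not a listing answer
}

def sample_resolver(name):
    """Hypothetical resolver: returns the A records for name, or []."""
    return SAMPLE_ZONE_DATA.get(name, [])

if __name__ == "__main__":
    for host in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40"):
        print(host, *decide(host, sample_resolver))
```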