Autor: Walt Reed Data: Para: Mike Lima CC: exim-users Assunto: Re: [exim] abuse report
[edited]
On Mon, Nov 08, 2004 at 12:30:55PM +0000, Mike Lima said: > I agree that you can create a block list, but not by IP. As you know,
> spammers use dynamic IPs or invade systems and use their resources. So,
> a list by IP is a picture of a moment in the past. Once blocked a
> spammer will seek another way to send spam.
But once that netblock is in the blacklist, we are never bothered by it
again. A recent study showed that 80 percent of home machines were
infected with some kind of malware (virus, trojan, etc.) From analyzing
my own logs, close to 90% of spam comes from dynamic IP space. I also
question your claim that spammers will seek another way to send spam. I
have spammers that continue to try every single day even though they
have been blacklisted for over a year.
Blacklisting dynamic space works Very, Very well. Blacklisting static
IP's that spew spam works very, very well. The difference between my
(and other mail admins) local blacklists and SORBS like services is that
you can get delisted from sorbs and be able to send mail again. Local
blacklists are MUCH MUCH harder to get out of.
> Lists like sorbs forces you to pay 50 dollars for charity, to have your
> name dropped from the list.
You need to look at it differently. Look at it as a $50 fine for running
an insecure server. Hopefully you will be more careful next time.
> The problem is not on just sorbs. They are just the guys forcing you to
> donate. They tell that the money is to pay for their work of taking you
> in and out the list. The problem is that they cannot charge for
> something nobody asked them to do.
If the DNSBL service wasn not providing good service to others, people
would not use them. It takes lots of time and resources to operate these
lists. It's only fair that spammers and people running insecure servers
pay this cost as they are the ones causing the problems.
> I agree with domain block but I have to disagree when you drop groups of
> machines, people, countries, etc. That is abuse of power, arrogance and
> prepotence.
Not at all. You obviously don't understand the spam problem. Spammers
lie. They constantly forge domains. The only thing they cannot forge is
IP addresses. Blocking by IP is the single most effective weapon against
spam and compromized machines spreading malware. By blacklisting known
spammer (and virus sender) IP's, we reduce the load on our scanning
engines. Not all of us can afford the computing resources it would take
if we did not block by IP.
> I hope exim could keep the good work and I will continue using it, exept
> for the IP check.
Nobody is forcing you to use it just like Nobody (you) is going to stop
me FROM using it. Like many different email server software products,
exim gives you lots of flexability. With the DNSBL capability inside
exim, it allows us to offer a path to bypass the blacklist. Without the
capability in exim, we would be forced to use a firewall that does not
have the capability of bypassing the blacklist. You would choose that?