> -----Original Message-----
> From: Alan J. Flavell [mailto:a.flavell@physics.gla.ac.uk]
> Quite some time back it occurred to me that one could categorise two
> classes of dnsRBL: one class of blacklist indicates that a host is
> potentially capable of acting as a spam relay (open relay, open proxy
> etc.) and the other indicates that the host has been actually seen
> relaying spam (spamcop, spam.sorbs etc.).
That's a rather charitable characterization of Spamcop's listing policy.
It's more like, "one person got a message they felt was spam that apparently
came from that machine." I've seen multi-user systems blacklisted when a
single user sent a single message that looked spammy. It's entirely
subjective, and it probably wouldn't be that hard for someone to forge
submissions to get any system they wanted listed. When this happens,
there's no way of getting the system removed, either, other than to just
wait for it to expire off the list.