Re: [exim] White List and Yellow List DNS Servers - Proposal

Marc wrote:

> 1) Blacklist - host that send only spam
> 2) Whitelist - hosts that never send spam.
> 3) Yellowlist - Hosts that have some spam sneak through but
> should never be blacklisted. gmail, yahoo, hotmail, etc are examples.

Blacklisting the big-boys (temporarily of course, meaning you're basing your
denial on systems like spamcop, etc...) is a sure-fire way to get them in to
action cleaning up their spammers. Letting their stuff slip through and not
having any of their clients complaining because they're getting bouncebacks,
and their response times to cleaning house will probably be slower.

Then there's the line that you'll end up drawing which separates the small
from the big - who's to dictate who should be considered for the yellowlist
and who isn't? What if an entry in the yellowlist starts to abuse their
given privileges and starts spamming a bit too much for some peoples tastes?
Would controlling the entries between white, black and yellow be
automatically controlled based on statistics perhaps?

> The problem with blacklists is false positives. If not for
> that we could use them more to block spam. So - with white
> and yellow lists we can check then we can make sure that good
> servers are never blacklisted.

Personally, a "good" server is a server I can trust - and I only trust my
own systems... and even then not very much in some cases (speaking in terms
of shared services being sold - so I only trust my servers as much as the
clients using them).

Blacklists will always inherently be subject to false positives. Once you
blacklist a domain from sending you email, depending how you implement it
(usually before ever receiving email data), you'll never really know if
they've cleaned up their act. You may think that based on their history of
likely sending nothing but spam that they still are - but maybe they got rid
of the problem? Personally, I view the use of blacklists as a very last
resort to permantently banning a system from ever interacting with mine
again - if they're in my blacklist, they'd have to do something truly
impressive to get out of it.

I'm referring to system-wide blacklists fyi. Per-user lists, since
controlled by individual users, are more like a filter and I leave it solely
up to them to control who they want email from - a "yellowlist" at this
level actually sounds like a fairly decent idea since there are clients who
love their spam filtering, but always like to whine when their buddybuddy
using gmail can't send them email because gmail got temp listed in spamcop
or something (just an example, I use multiple lists before actually
denying).

> Who likes this idea?

In the end, it shouldn't matter who likes your ideas or not. You're the
administrator of your server(s) - what you say goes. If your clients don't
like it, you can deal with them individually to see if you're going to
rethink the strategy or what have you.

If you were getting at what thoughts people would have for trying to put
together a common "yellowlist" DNS server - well, that'll work out as well
as white and blacklisting has to date. Everyone has their own opinions of
who to block and who not to, and nobody truly likes being told who that is
(for example, I personally dislike the owner(s) of SPEWS and refuse to ever
use their system, or any system that uses their system). I'd say set up
your own yellowlist server, publish it as you wish and if people want to try
it out, they will.

Eli.