Re: [exim] UCEPROTECT Blacklists and why callouts are abusiv…

Góra strony
Delete this message
Reply to this message
Autor: Stuart Gall
Data:  
Dla: Ian Eiloart
CC: exim-users, Zbigniew Szalbot, UCEPROTECT-Network Blacklistmaster of the day
Temat: Re: [exim] UCEPROTECT Blacklists and why callouts are abusive

On 17 Oct 2006, at 18:09, Ian Eiloart wrote:

>> TXT= "Net 83.19.0.0/16 is Level 3 listed at UCEPROTECT-Network. See
>> http://www.uceprotect.net/en/index.php?m=7&s=8"
>
> To be fair, they do recommend that users don't block at level 3.


Blocking the whole class B network is highly unlikely to be
restricted to the spammers
They only require 200/65535 IPs to block the lot.
It is also unclear if the 200 have to be from different class C
networks, as I read http://www.uceprotect.net/en/index.php?m=3&s=5
I understand that if 200 ips from a single class C network generate
spam then the whole class B is listed
559: Throwing the baby out with the bath water error

>
> I still think their listing criteria are dumb. The seem to use three
> techniques:
>
> 1. People who bounce viruses with warning messages (actually,
> that's fine).


I disagree with this, IME 99% of the time the mail is sent
automatically by the virus with a forged sender address so 99% of the
time it is wrong to bounce.
I am doing AV at SMTP time BTW

>
> 2. People who use SRS. I'd like to use it for local people that ask
> to get
> email forwarded from their local (sussex.ac.uk) address to a personal
> address. I don't see how SRS can harm anyone when I do this.
> Perhaps such
> email would never hit their honeypots, though.
>
> 3. People using sender verification callouts. They seem to think
> it's as
> bad as sending email, but my sender verification callouts don't fill
> mailboxes or server queues. And, they do stop lots of spam.
>



I think their policy is, create a spam trap, anyone that starts an
smtp session with the spam trap gets listed IRRESPECTIVE of what they
were trying to do.
Because the system is not able to determine legitimate access from
spam access.
Then find lots of sophistic arguments as to why you should be
blocking all these innocent people that have inadvertently pranged
the trap.
because they are trying to fight spam from a different angle

Stuart

PS
How about
Level 4 - block whole class A if there are 400 spammers in it
Level 5 - block all of internet if there are more than 1000 spammers
in the world

:-))
Sorry just being factious, blocking the whole class B is a bit crazy
HOWEVER, having a better granularity between /24 and /16 may have
some merit MAYBE - most ISPs have non contiguous class C net blocks
So blocking a whole /23 or /22 etc is probably useless but it is not
silly. Blocking /16 is silly