[CS-FSLUG] My analysis of the email spam problem

Sun Oct 10 07:51:03 CDT 2004

Ed Hurst <ehurst at asisaid.com> wrote:

> The standards are no set by folks like you and I. They are established
> by network technicians over the years discussing it and coming to terms.

Well, I participated a bit in the DRUMS working group which revised
the email specs (the resulting revised specs being published as RFCs
2821 and 2822), and I'd say that those "network technicians" are
people like you and I.

:-)

> In this case, the blocklist advocates are the largest single
> "block" of technicians. They rule in that sense, because no other
> indentifiable group is as large and powerful.

That's probably because among the currently-available anti-spam
strategies, blocklisting is the one with the best long-term
credibility.  If/when a better solution becomes available, it'll win
supporters quickly.

> Nobody with dialup has any reason to send direct-to-MX.

Sending via an ISP's mailserver introduces an additional potential
point of failure / point of pontential censorship / point of potential
privacy violations.

Hence the fact that the use of blocklisting forces you to refuse mail
that seems to come via dialup connections (which in term forces dialup
users to send their mail via the ISP's mailserver) is a disadvantage
of blocklisting-based anti-spam strategies.

I had written:

> > What this means is that unless you know how to get reverse dns which
> > doesn't look like a dialup connection, you can't reliably send
> > legitimate bulk email.  Suppose for example that you're organising a
> > conference, and want to send an email message to everyone who has
> > registered for the conference.  You can't send these emails directly
> > to the recipients' mailservers, because so many will bounce or even
> > silently discard it.  And if you try to send them through your ISP's
> > mailserver, the messages might get bounced or dropped there because
> > ISPs need to be wary of the risk of getting their mailservers
> > blacklisted.
> 
> I don't quite follow you, but I do know this: Legitimate bulkmailers
> will pay for a proper mailserver registration with reverse DNS. That's
> the standard. Legitimate bulkmailers will also know better than to
> obtain service from disreputable providers who harbor spammers.

Someone who organizes a conference is an example of someone with a
legitimate need of sending bulk email, without any need to become a
professional "legitimate bulkmailer".

> > My impression is that IP-based blacklists have been tried,
> > extensively, some with the SPEWS-like "shotgun" approach, others
> > with more careful rules.  As far as I can see, the experience is
> > that this approach doesn't work well enough.
> 
> Your impression is sadly mistaken. It works exceedingly well to those
> who subscribe, but there are some false positives. The moral high ground
> is to create your own list, or use lists with a better standard.

What's your recommendation?

(I'd like to experiment with it a bit, if it's not too expensive.)

Blessings,
Norbert.