Subject: Re: spam to my list address
To: None <current-users@netbsd.org>
From: Greg A. Woods <woods@weird.com>
List: current-users
Date: 09/10/2000 13:03:08
[ On Saturday, September 9, 2000 at 22:56:22 (-0700), Greywolf wrote: ]
> Subject: Re: spam to my list address 
>
> On Sun, 10 Sep 2000, Peter Seebach wrote:
> #
> # >This is bad for me because, due to my IP, I get rejected trying to mail
> # >to one of either planix.com or weird.org (or do I have them backwards?).
> # >pobox.com also rejects me because of this.
> # 
> # Are you sure it isn't ORBS that they're really using?  ORBS has a history of
> # spite listings, and has been fairly hostile to above.net in the past.
> 
> I'm confused anymore about which is which.

Well weird.com uses both.  Successfully I might add -- but then we're
not an ISP.

However recently I've given up on the extremely sparse API in TCP
Wrappers and have re-implemented all of the RBL checks in Smail (to
appear in 3.2.0.112 RSN!) such that the DNS A record returned from any
DNS-based Reverse Black List (RBL) lookup can be used as part of the
test (and so that the SMTP reject message can include details explaining
the exact reason for the reject).

This was done so that I could stop rejecting hosts that appear in the
ORBS RBL with A RR values of 127.0.0.4, i.e. those appearing in the
so-called "manual" list maintained by ORBS, which includes a few of the
above.net netblocks.

BTW, of the literally thousands of attempts to deliver spam to weird.com
in the last few weeks that were rejected by the various RBLs since this
change was made, only 14 (yes, just fourteen!) were rejected because of
the MAPS RBL.  The remainder were rejected because of either the MAPS
DUL RBL or the ORBS RBL.

Of all of the connection attempts and messages rejected by weird.com in
the past couple of weeks, there were probably only two or three that were
"legitimate" -- or at least legitimate and important enough that the
correspondents were willing to try to reach us by some other means.

I've also done some small analysis of the spam delivered to NetBSD
mailing lists.  Most would be rejected by simply requiring that all
senders honour their half of the RFC-1123 sec. 5.2.5.  Of course there
are still a few subscribers who have failed to follow this requirement
so this kind of check would cause their e-mail to be rejected until they
managed to fix their configurations.  However quite a bit of the spam
would be rejected by using the ORBS RBL (even without the manual list),
the remainder would be rejected by using the MAPS DUL.  I don't know if
the MAPS RBL would reject any more or not, but it wouldn't hurt to use
it.

At the very least though it's a total no-brainer to use the MAPS DUL.
From what I can see this alone will reject well over half of the spam
that currently gets through to NetBSD mailing lists.  If even the
machine-verified portions of the ORBS RBL are not used then perhaps the
main MAPS RBL will catch enough of the rest to reduce the spam we see to
an acceptable level.

Verifying that there's either an MX or A RR for the domain name in the
SMTP envelope sender address (weird.com requires there be an MX record
-- A RRs look like terminal servers to us, not mail servers).  Many
spammers have an ego that prevents them from using a legitimate looking
sender address and they seem to prefer instead to make up funny but
impossible names.

In the end the idea I'm trying to convey here is that this is just
e-mail folks!!!!  People get bent WAY too far out of shape when their
e-mail doesn't work -- they seem to have completely unrealistic
expectations about what e-mail can do for them and how it works.  The
NetBSD lists really do NOT *have* to accept all e-mail that's posted to
them and indeed the rejection of a few odd legitimate messages would be
far more acceptable in these kinds of forums than are the current levels
of spam.  (That and it would teach a few more people some lessons about
configuring their DNS and mailers properly!  :-)

Furthermore since the people posting to the NetBSD lists are supposedly
rather more competent and knowledgeable than the average non-technical
computer user it shouldn't be a big deal for subscribers to these lists
to handle any problems they might have in posting to the NetBSD lists
should such anti-spam protective measures be implemented.

-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods@acm.org>      <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>
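
The return-value test described in the message above, as an added example that is not part of the original post and is not Smail's code: a listing only causes a reject when the A record returned is not one the site has chosen to ignore, and the SMTP reply names the list and the value. The zone names, the non-127.0.0.4 answer values and the sample answers are constructed placeholders; only the 127.0.0.4 "manual" value comes from the message.

```python
import ipaddress
import socket

# Placeholder zones (assumption): substitute the zones your site really queries.
# Each entry: (zone, A-record values that mean "listed, but do not reject").
POLICY = [
    ("rbl.example", frozenset()),
    ("dul.example", frozenset()),
    ("orbs.example", frozenset({"127.0.0.4"})),  # the "manual" list value
]

def dnsbl_name(ip, zone):
    """Query name for an IPv4 client: octets reversed, then the list zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolve(name):
    """Live lookup via the system resolver; a failed lookup fails open."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check_client(ip, resolve=system_resolve, policy=POLICY):
    """Return (reject, smtp_reply) for a connecting client address."""
    for zone, ignored in policy:
        answers = resolve(dnsbl_name(ip, zone))
        # Only 127.0.0.0/8 answers are list codes; anything else is noise.
        hits = sorted(a for a in answers
                      if a.startswith("127.") and a not in ignored)
        if hits:
            return True, f"550 {ip} rejected: listed in {zone} as {', '.join(hits)}"
    return False, ""

# Constructed answers standing in for DNS (documentation address ranges).
SAMPLE_DNS = {
    "10.2.0.192.orbs.example": ["127.0.0.4"],               # manual list only
    "11.2.0.192.orbs.example": ["127.0.0.4", "127.0.0.2"],  # plus a second code
    "7.100.51.198.dul.example": ["127.0.0.3"],
}

def sample_resolve(name):
    return SAMPLE_DNS.get(name, [])

if __name__ == "__main__":
    for addr in ("192.0.2.10", "192.0.2.11", "198.51.100.7", "203.0.113.5"):
        print(addr, check_client(addr, sample_resolve))
```

A host that appears only with the ignored value is accepted, while one that also carries another code is still rejected, which is the distinction a plain listed/not-listed lookup cannot make.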