IP: more on The age of new blacklisting is upon us (not related to homeland defense)

[David Farber <dave () farber net>]

> From: Todd <todd () bitslinger net>
> To: farber () cis upenn edu
> Subject: Re: IP: The age of new blacklisting is upon us (not related to 
> homeland defense)
>
>
> David Farber writes:
> >>From: "Janos G." <janos451 () earthlink net>
> >>To: "jg" <janos451 () earthlink net>
> >>
> >>Sysadmins at certain domains are starting to use these lists (eg.
> >>http://ordb.org/, http://orbz.org) to filter incoming email. Messages,
> >>spam or not, from hosts on the list is summarily bounced. To me, this is
> >>a rash and stupid action on their end, but there's nothing I can do
> >>about it.
> >>
>
> This problem is very difficult.  I am a mail admin at a small ISP that's been
> around for about 10 years (and so our older domains are on many spammers'
> lists).  Were it not for spam, our mail servers would have plenty of 
> bandwidth,
> RAM, disk space and CPU.  Because of spam, we sometimes see dangerous spikes
> in one or all of the above (excepting perhaps CPU, but that's another 
> issue).
> Without filtering of the sort mentioned above, all our customers' mailboxes
> would look like the snail mailbox at a student apartment in a college town
> (hundreds of pieces of junkmail accumulate per week, what with all the 
> previous
> tenants).
>
> To top it off, because our mail system evolved haphazardly, without regard to
> scalability way back when, it's a strange and convoluted system, and very 
> hard
> to upgrade.  The result being that one of our secondary mail servers was
> discovered to be a potential open relay and blocked by some blacklisters, 
> which
> ended up in our main server being blocked, as well.  The situation is nearly
> resolved, but has taken some time, due to the delicacy of our mail system
> (customers dislike losing mail) .
>
> But filtering is necessary.  I see IP addresses connect over and over again,
> trying an obviously dictionary-culled list of potential email addresses
> @<various_domains_we_host>.  If we didn't block those IP addresses, our mail
> logs alone would overflow our filesystem and cause problems.  Even with
> filtering, our mail logs have grown from less than 10MB/server/day a couple
> years ago to over 40MB/server/day now.
>
> The MAPS system, back when it was free, was very good, comparatively.  The
> current state of "balkanization" of RBL services has ended up in some
> overzealous filtering by folk I can only describe as fanatics, which has
> definitely caused problems, but it's still better than no filtering at all.
> Even though filtering has bit us (a very anti-spam ISP), and caused me
> annoyance, I still don't agree that it is "rash and stupid".  I wish there 
> were
> a better solution, but so far, none have arisen.
>
> -Todd

For archives see:
http://www.interesting-people.org/archives/interesting-people/