SPAM on List...

[Martin Pool]

On  9 Dec 2002, "John E. Malmberg" <wb8tyw at qsl.net> wrote:

> If it was on any of the reputable blocking lists, I would not be able to
> receive any of the SAMBA lists, and you would be getting the
> bounces.

It has since been removed from some of them.

> I.P. based blocking has shown to be the only thing that motivates some
> domains to act on abuse reports.

I really don't care about abuse reports anymore.  There is an
inexhaustible supply of other spam sources.  Desirable as it may be to
have ISPs behave properly, it will not reduce the amount of spam.

> And the bounce message can contain an alternate contact means such
> as a web form if someone needs a white-listing.

A major goal of this exercise is to reduce or eliminate the number of
messages that require manual handling because they waste admin time,
and they are often dropped.  Our previous experience was that IP
blacklists have significant false-positive and false-negative rates.

In addition, IP blacklists seem to often "go mad" when the admins
start pursuing a campagin against some ISP in a way that does not
agree with our goals.  For example, the previously-reputable ORBS
server blacklisted most of Australia a few years ago.

Basically I want the decisions to be made by samba team admins, not by
other people.

> Some time last fall apparently Korea passed an OPT-OUT with the 
> equivalent of "ADV" in the headers law.  Right after that, list that I 
> subscribe to at a major university went from 2 spams a week to over 8 
> spams a day.  99% from Korea.

We no longer accept any mail from Korea. :-(

> Now the other thing to consider is that when the filter makes a mistake 
> and deletes a legitimate message, it is quite a while before the sender 
> figures out, if at all that the message did not get through.

Our filter sends intelligible, actionable bounce messages.  This is an
enormous improvement of the previous system, which said something like
"error 10". 

> If the message is bounced, the sender knows immediately, and can use the 
> alternate contact information, such as a web form to request a 
> whitelisting.

As RFC 2822 requires, mail to postmaster is not filtered, and is read
by a human.  People can report problems there.

> They also know that there is probably a problem with their ISP or
> with the particular block list, and they have the information needed
> to fix it.

That's bogus.  If my ISP is blocked it is very difficult for me to
change -- at home I am on a 12 month contract with my DSL provider,
for example.  Even if I did move, it's very unlikely that my leaving
would persuade them to change/enforce their AUP.  People with business
hosting are in a even more difficult situation.

> Filtering makes spam your problem.  Using a blocking list makes spam the 
> problem of the ISP sending the spam.  Eventually almost noone will 
> accept e-mail from them, either from local blocking lists, or public
> ones.

You describe a long-term solution in which spam-friendly ISPs are
gradually ostracised.  I'm not quite sure I believe you that there is
a clear distinction, that bonafide ISPs are really able to stop spam,
and that being ostracised will ever really cut them off.  But
regardless, these are long-term, global measures.    What I care about
is reducing admin load and spam transmission on samba.org right now.

Our bogofilter setup seems to be doing *extremely well* at just that;
I can see it catching many more messages and getting far fewer false
positives before, and it is no longer necessary to clear queues by
hand.  I looked through the queue when I installed it and there were
many posters who just happened e.g. to be from China and whose
messages were basically dropped.  

Unless people have specific complaints about the new setup I intend to
keep going along this path.

-- 
Martin