rmeyer at mhsc.com
Thu May 24 02:35:42 UTC 2001
> From: David Schwartz [mailto:davids at webmaster.com]
> Sent: Wednesday, May 23, 2001 7:10 PM
> Roeland Meyer wrote:
> > I don't need to check because I have a piece of confirmed spam
> > from them. A
> > smoking gun. That's the way MAPS RBL has been working for years.
> > That is the
> > way I expect it to continue to work. The main reason that I
> posted to this
> > thread is that some of the posts lead me to believe
> otherwise. They were
> > confused.
> I think you're missing the big picture. If you receive
> a single piece of
> spam from a site, that's not automatically grounds to block
> the site. That's
> a recipe for maximizing collateral damage.
> So the receipt of a spam from a site is the beginning
> of the process, not
> the end.
Actually, I simplified the process. I agree with you 100% here. I don't have
the time for such an investigation therefore I use MAPS RBL.
> > > Absolutely. Probe the machine that is of concern, not
> > > whole blocks randomly.
> > Also, only block the proven spam-host. No one else.
> That's a more complex judgment. In most cases, I agree
> that this is
> appropriate, but I can think of (and have personally
> witnessed) more extreme
> circumstances. I've seen ISPs who say, "no, we like to spam
> and we will spam
> in the future". In those extreme cases, I'll block their
> entire address
> space from reaching my mail servers until their policy changes.
Another reason to use MAPS RBL.
> > > No, its open-relay status is not irrelevant. If you
> > > know a site is an open
> > > relay, however you know this, and you want to block open
> > > relays (which I do)
> > > and it's my right to block open relays, then I will block
> > > them. How I find
> > > out they're an open relay is another story. The usual way is
> > > you probe a
> > > site when it becomes an actual problem.
> > I submit that if you have a piece of spam, from a site, and
> are blocking
> > them, why do you need to probe them?
> Well, if you're blocking them because they're an open
> relay and they say
> they've fixed the problem, it's certainly reasonable to probe
> them to decide
> whether you should begin allowing mail from them. Or do you think it's
> better to block them indefinitely just so that you don't 'trespass' by
> probing them?
I'm actually not advocating blocking all open relays. I am advocating
blocking all spammers, whether they have open relays or not. There are
actually open relays that a spammer can never use, because the open relay
site uses MAPS RBL. The are collateral damage, with ORBS. Show me how such a
site can be used by a MAPS RBL'd spammer. BTW, yet another reason to use
> > > 3) Do you think it's unreasonable to block known open
> > > relays as a
> > > protection against future spam.
> > Absolutely not. Our entire Norte Americano culture is biased
> > AGAINST apriori
> > restrictions.
The following is a real good example of why I don't like argument by
analogy. Your analogy is broken. Let's deal with the issue directly. We
actually seem to be on the same side here or not very far apart.
> Nonsense! This argument would say that you should allow
> children to bring
> guns into school provided they haven't yet shot them. Our
> culture is biased
> against a priori restrictions upon speech imposed by the
> government, but
> there is nothing inherently bad about a priori restrictions.
> > You DO NOT spank someone for something that they
> > have NOT, in
> > fact, done. It's called prior restraint and there is a
> reason that it is
> > considered unjust. It violates the PURE WAR ethos. There is
> no excuse for
> > collateral damage. Innocents should not be involved, period. This is
> > important because we DO have the technology to wage the PURE WAR and are
> > ethically compelled to use it.
More information about the NANOG