[Administrivia] Does TLUG send any email from Rogers IP addresses ?

Walter Dnes waltdnes-SLHPyeZ9y/tg9hUCZPvPmw at public.gmane.org
Sun Jun 6 11:26:07 UTC 2004


On Sat, Jun 05, 2004 at 02:26:11PM +1000, David Colebatch wrote
> On Thursday 03 June 2004 9:39 am, Walter Dnes wrote:

> >   I checked the DNS on 69.199.78.60 backwards and forwards.  It is...
> > CPE0040f45b7dd5-CM000e5c708cae.cpe.net.cable.rogers.com and I do have
> > *.cpe.net.cable.rogers.com in my personal blocklist.  My spamblocks
> > refused 3357 email delivery attempts to my one email address in May.
> > I've had to go into heavy-handed-blocking mode to avoid being swamped in
> > spam.  A lot of people have 4.0.0.0/8 and 200.0.0.0/7 blocked.  Not as
> > many have 24.0.0.0/8 blocked.  But that was 956 of May's delivery
> > attempts that were blocked.
> 
> This also applies to the thread "simple procmail recipe".
> 
> Have you guys tried SpamAssassin?  Judging whether a message is spam
> or not, just by where it comes from seems quite discriminatory,

  If...
  - it comes from address blocks that send me nothing but spam
  - it comes from countries where I don't know anybody
  - and particularly, if it comes from address blocks consisting of
    residential cablemodems, whose users are not supposed to be sending
    direct-to-MX in the first place, according to their ISP's regulations

Then it's most likely "lossless compression of my mailspool" to block them.

> whereas judging it based on the content of the message makes much
> more sense to me.

  1) It's about CONSENT not content.

  2) Due to various oddities in Canadian telecomm de-regulation, I
haven't been able to use my preferred ADSL provider since January.
Because Bell was supposed to be available at my new residence RSN
("Real Soon Now"), I decided to tough it out on dialup "for a couple of
months".  Bell finally started offering service at my building late last
month, and I've filed for a switchover to Bell.  Once that happens, I
can apply for ADSL service from IStop.  Bottom line is that I've been on
dialup for the past 6 months.

  Do you have any idea of how much time I'd waste downloading all that
garbage over a dialup, just so that I can filter it and throw it away?
JHD ("Just Hit Delete") doesn't work.

  3) And I can tell you from personal experience that content-filtering
doesn't work either.  After the first few months, spammers have learned
how to defeat Naive Bayesian filters.

> If your clients' businesses, or worse, your own, are at all dealing
> internationally, then I'd seriously reconsider the practice of
> blocking such large parts of the internet.

  Just a personal domain, so that I don't have to notify all my friends
and acquaintances if/when I change ISPs.  At work, where we do have to
deal with international correspondence, the garbage keeps coming in.
Anything rating 10 or higher in SpamAssassin is dropped at the gateway.
5.0-to-9.9 gets flagged as likely spam.  We're now getting a lot of spam
that doesn't even get flagged, let alone dropped.  And the rules can't
be tightened for fear of false-positives.

> Australia has recently passed anti spam legislation which prohibits
> the sending of spam etc.

  And most countries on this planet have laws providing jail terms for
hi-jacking someone else's computer (e.g. for use as a spam zombie).  Big
fat help it's been.

> Also, consider subscribing to one of the black lists, RBL etc.
> exim and other MTAs interface quite easily with all of these
> anti-spam solutions.

  I've found an ISP that lets end-users configure SMTP-stage filters
that kick in after RCPT and before DATA.  Blocked delivery attempts get
a 550 reject, not a "bounce" that helps mailbomb innocent 3rd parties.
I do use various DNSbls, but I put my local blocking rules ahead of
them.  My local rules catch most of the garbage, so the DNSbls never see
it.  This lightens the load on the DNSbls.  Here's my blocking summary
for May, with blocking rules listed in order of precedence...

Total = 3357
============
No hostname = 1062
Dynamic IP by rDNS regex = 1310
Provider by rDNS = 249
Country by rDNS = 198
Country by envelope-sender = 101
24.0.0.0/8 CIDR = 29
200.0.0.0/7 CIDR = 47
4.0.0.0/8 CIDR = 9
countries.nerd.dk = 166
Various lists of dnsbl.sorbs.net = 151
list.dsbl.org = 16
Spamhaus lists = 10
Commonly forged from not verified = 7

-- 
Walter Dnes <waltdnes-SLHPyeZ9y/tg9hUCZPvPmw at public.gmane.org>
Email users are divided into two classes;
1) Those who have effective spam-blocking
2) Those who wish they did
--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
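
The rule ordering described in the message above, sketched as an added example (not code from the original post or from the poster's ISP): local rules are evaluated in the listed order of precedence, DNSBLs are queried only when every local rule misses, and a match is answered with a 550 at RCPT time. The regex, the "zz" country code, the function names and the stubbed DNSBL lookup are assumptions; only IPv4 and a subset of the listed rules are covered.

```python
import ipaddress
import re

# Constructed patterns (assumptions); the post lists rule names only.
DYNAMIC_RDNS = re.compile(r"\b(dyn|dhcp|dial|ppp|pool)\b|\d+[-.]\d+[-.]\d+[-.]\d+")
PROVIDER_SUFFIXES = (".cpe.net.cable.rogers.com",)   # blocklist entry named in the post
BLOCKED_CCTLDS = {"zz"}                              # placeholder country code
BLOCKED_CIDRS = [ipaddress.ip_network(n) for n in ("24.0.0.0/8", "200.0.0.0/7", "4.0.0.0/8")]
DNSBL_ZONES = ("countries.nerd.dk", "dnsbl.sorbs.net", "list.dsbl.org")


def dnsbl_query_name(ip, zone):
    """1.2.3.4 + zone -> 4.3.2.1.zone, the name a DNSBL client resolves."""
    return ".".join(reversed(ip.split("."))) + "." + zone


def first_match(ip, rdns, mail_from, dnsbl_listed):
    """Return the first blocking rule that fires, or None to accept.

    rdns is the verified reverse-DNS name ("" if none); dnsbl_listed is a
    callable(query_name) -> bool so the lookup can be stubbed offline.
    """
    host = rdns.lower().rstrip(".")
    sender_tld = mail_from.rsplit(".", 1)[-1].lower().rstrip(">")
    addr = ipaddress.ip_address(ip)
    if not host:
        return "No hostname"
    if DYNAMIC_RDNS.search(host):
        return "Dynamic IP by rDNS regex"
    if host.endswith(PROVIDER_SUFFIXES):
        return "Provider by rDNS"
    if host.rsplit(".", 1)[-1] in BLOCKED_CCTLDS:
        return "Country by rDNS"
    if sender_tld in BLOCKED_CCTLDS:
        return "Country by envelope-sender"
    for net in BLOCKED_CIDRS:
        if addr in net:
            return f"{net} CIDR"
    for zone in DNSBL_ZONES:           # only reached when every local rule missed
        if dnsbl_listed(dnsbl_query_name(ip, zone)):
            return zone
    return None


def rcpt_reply(ip, rdns, mail_from, dnsbl_listed):
    """SMTP reply to RCPT TO: reject in-session, so nothing is bounced later."""
    rule = first_match(ip, rdns, mail_from, dnsbl_listed)
    return "250 OK" if rule is None else f"550 Rejected ({rule})"
```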
