This forum is closed to new posts and
responses. Individual names altered for privacy purposes. The information contained in this website is provided for informational purposes only and should not be construed as a forum for customer support requests. Any customer support requests should be directed to the official HCL customer support channels below:
Anti-Spam Abilities (Edited) ~Umberto Nongeroson 4.Oct.02 06:07 AM a Web browser Domino Server 6.0Windows 2000
If anyone is interested, I have the email from the SpamCop service describing their blackhole filter and how it works. Send an email to me at <removed> and I will forward it to you.
Stephen Lister (CLI, PCLP)
Due to the fact that a month later I am still getting request for this, I'm going to post the email here. Enjoy!
******************************
For all you long-time SpamCop users, the SCBL is not anything new.
However, for a lot of you newer folks, and those who simply use
SpamCop for reporting, you may not be aware of it.
For years, there have been a variety of DNS-based blocking lists
(DNSbl's)[1] on the internet. The MAPS Realtime Blackhole List
("RBL")[2] was the first, and one of the largest, most influential
entities on the internet. If they added an IP address to their list,
mailservers which checked incoming mail against the RBL would reject
mail from that IP address. Their listing practices were conservative,
and won great acclaim from internet users and administrators. It is
estimated that at their peak, the RBL was used by over 40% of the
mail servers on the planet. However, their popularity would be their
undoing -- their expenses grew so large that they had to start
charging for access to the RBL to cover their costs. Their popularity
declined rapidly, and a bunch of alternate DNSbl's sprung up.
Several of these DNSbl's test against open relays, or open
proxies[2]. They are quite effective for detecting technical flaws,
and they're generally considered "safe"[4] to use to block mail from
-- you can say "Your server has a technical flaw which leaves it open
to abuse. It is our policy to not permit this, so until you fix your
server's flaw, we will not accept your mail."
Other DNSbl's were based on their author's opinions -- SPEWS.org and
SpamHaus.org are examples of this. SpamHaus is much more conservative
of SPEWS, and has narrowly-defined listing policies, so it's used in
wide circulation. SPEWS is more aggressive, and operates from a
lawsuit-proof[5] position of complete anonymity. Of course, using
these lists means that one needs to trust the opinions of the list
maintainer. Also, backing up the blocking of mail based on a
technical fact is much easier to do than blocking mail because "they
say so", so there's a bit more awkwardness involved. The "personal
touch" of these lists is their Achillies Heel -- they are generally
slow to react to new spam, and are not effective in stopping "spam in
progress".
The SCBL solves this problem. For years, SpamCop has had tens of
thousands of spam reports sent by it's users to internet providers,
web hosts, etc. This gives it an enormous amount of data about spam
patterns and levels. Until the SCBL came about, this information was
just used to creating pretty "statistics" graphs,
Now, SpamCop reports are automatically counted for use in the SCBL --
SpamCop counts the number of legitimate mails that it receives from a
specific IP address, and then counts the number of spam reports it
has for that IP. If[6] the amount of spam exceeds 2% of the total
volume of mail for that server, the server is automatically listed.
Assuming that the spam stops, over a period of time (depending on the
number of reports received, as well as a few other factors) the
server will eventually be de-listed. Generally this occurs within one
week.
In summary (you were waiting for this, huh?): SpamCop reports that
everyone, even you, sends are counted for the SCBL. This means that
not only are you taking action directly against spammers (by means of
reporting), but you are also helping protect lots
(thousands/tens-of-thousands/hundreds-of-thousands/millions?) of
other users whose ISPs use the SCBL to shield them from spam. Your
one report holds a lot more weight than it did before the SCBL.
[1] Yes, the same DNS used for hostname resolution. Email me if you
have questions. (Warning: It can get technical.)
[2] http://mail-abuse.org/rbl/
[3] I like http://relays.visi.com/ and http://www.blitzed.org/opm/,
respectively.
[4] Of course, it's up to the individual administrator to determine
what is appropriate to use on their servers.
[5] By my knowledge of current laws (I'm not a lawyer), DNSbl's are
perfectly legal. The lawsuits are brought about by an American
society where you can sue anyone for anything.
[6] This is a general summary of the algorithm and may be subject to
errors on my part, or change by SpamCop. See http://spamcop.net/fom-serve/cache/297.html for more details.
--
Pete Stephenson
HeyPete.com
_______________________________________________
SpamCop-Digest mailing list
SpamCop-Digest@news.spamcop.net http://news.spamcop.net/mailman/listinfo/spamcop-digest
Return to top
. . . . Anti-Spam Abilities (Edited) (~Holly Minjipyb... 4.Oct.02) 
Print this page
