OT: fighting rbl's

Paul Howarth paul at city-fan.org
Tue Nov 30 15:31:47 UTC 2004


Aleksandar Milivojevic wrote:
> Anyhow, in my personal experience, using RBL lists for detecting dial-up
> pools for the purpose of blind blocking is a very bad idea.  Those lists are
> impossible to make accurate.  It is trivial to find examples of
> dial-up pools not listed in those lists,

I am not aware of any list that claims to list *all* dial-up pools. Refusing 
mail from the dial-up pools of large ISPs is very effective at reducing spam. 
However, greylisting probably works better for these cases (generally 
trojanned Windows boxes that are open proxies rather than open relays that 
will retry).

> and to find static ranges that
> are incorrectly listed (mostly small companies that own a small number of
> IP addresses; larger companies that own at least an entire C class are
> usually spared).

Having reverse DNS with a non-generic-looking name is also a good way of 
demonstrating that the IPs are static rather than dynamic.

> Dial-up pool RBL lists have too many false positives
> and false negatives to be useful on their own.

The false positives are usually hobbyist Linux users that know how to work 
around the problem though.

> The reason is that an ISP can use the IP ranges it owns however it wants (which
> is perfectly OK, nothing wrong with it).  An ISP has no obligation to
> inform anybody what IP ranges it uses for dial-up pools, and what ranges
> it uses for customers who pay extra for a static IP (this is perfectly OK
> too).  It can move an entire C class from dial-up pool to static customers
> without informing anybody, and it can do the other way around too.  That
> said, I am not aware of a single ISP that will publish such information,
> and some ISPs will not give you that information even if you ask for it.

Last week, over on SPAM-L, an Israeli ISP listed their dynamic IP range and 
*requested* that everyone block it until they could get their outgoing port 25 
block in place.

AOL's dynamic ranges are available to see at 
http://postmaster.info.aol.com/servers/dialup.html

Most of the entries in the MAPS DUL are provided by the ISPs themselves.

> That said, the only place where a dial-up RBL list is of any use is in score
> based anti-spam tools (such as SpamAssassin).  If you assign a small
> score, it will not block emails by itself, but it will make a contribution
> to the big picture.  Add AWL to the mix, and dial-up RBL lists become
> actually useful.  For anything else, *do not* use them.  You'll end up
> blocking legitimate email.  Such as emails from the OP.

*Any* list can be prone to blocking legitimate mail. Some more so than others. 
It's up to each mail admin how they want to trade off their false 
positives/false negatives/processing time per message. I score the SORBS DUL 
list highly on my spam filter and it works for me.

As the OP actually has a static IP, the real solution for that should be to 
get the incorrect listings fixed, rather than stopping using dynamic IP lists 
altogether.

Paul.
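
The trade-off debated in this thread (rejecting on a dial-up list hit alone versus giving the hit a small score and also weighing whether reverse DNS looks generic), as an added Python example that is not part of the original message. The zone name, score weights, hostname heuristic and sample data are constructed assumptions, and the DNS lookups are injected callables so it runs offline.

```python
import ipaddress
import re

# Constructed assumptions: zone name, weights and threshold are not from the post.
DUL_ZONE = "dul.dnsbl.example"
SCORE_DUL, SCORE_GENERIC_RDNS, REJECT_AT = 1.5, 1.0, 5.0
POOL_WORDS = re.compile(
    r"(?:^|[^a-z])(?:dial(?:up)?|dyn(?:amic)?|dhcp|pool|ppp|a?dsl|cable)(?:[^a-z]|$)")

def dnsbl_query_name(ip, zone=DUL_ZONE):
    """DNSBL convention: reversed IPv4 octets prepended to the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def is_listed(ip, dul_lookup):
    """A listed address resolves to an A record inside 127.0.0.0/8."""
    answer = dul_lookup(dnsbl_query_name(ip))
    return bool(answer) and ipaddress.IPv4Address(answer).is_loopback

def rdns_looks_generic(ip, ptr):
    """Heuristic: no PTR, a PTR embedding the address, or a pool keyword."""
    if not ptr:
        return True
    host = ptr.lower().rstrip(".")
    numbers = re.findall(r"\d+", host)
    embedded = sum(o in numbers for o in ip.split(".")) >= 3
    return embedded or bool(POOL_WORDS.search(host))

def blind_block(ip, dul_lookup):
    """Policy 1: reject on the list hit alone."""
    return is_listed(ip, dul_lookup)

def score(ip, dul_lookup, ptr_lookup):
    """Policy 2: each signal adds a small score; neither rejects by itself."""
    total = 0.0
    if is_listed(ip, dul_lookup):
        total += SCORE_DUL
    if rdns_looks_generic(ip, ptr_lookup(ip)):
        total += SCORE_GENERIC_RDNS
    return total

# Constructed sample data (documentation address ranges), standing in for DNS.
SAMPLE_DUL = {"45.113.0.203.dul.dnsbl.example": "127.0.0.10",   # real pool, listed
              "10.2.0.192.dul.dnsbl.example": "127.0.0.10"}     # static, mislisted
SAMPLE_PTR = {"203.0.113.45": "ppp-203-0-113-45.pool.isp.example",
              "192.0.2.10": "mail.smallco.example",
              "198.51.100.7": "dyn-198-51-100-7.isp.example"}   # pool, unlisted

if __name__ == "__main__":
    for ip in SAMPLE_PTR:
        print(ip, blind_block(ip, SAMPLE_DUL.get), score(ip, SAMPLE_DUL.get, SAMPLE_PTR.get))
```

In the sample data the mislisted static host is rejected under blind blocking but only reaches 1.5 under scoring, and the unlisted pool address still picks up 1.0 from its generic reverse DNS.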



