Re: [Asrg] A method to eliminate spam
2003-03-20 08:54:44
Ronald F. Guilmette wrote:
In message <3E78C984(_dot_)1020505(_at_)americasm01(_dot_)nt(_dot_)com>,
"Chris Lewis" <clewis(_at_)nortelnetworks(_dot_)com> wrote:
And the winner is.... <<drum roll>...
:-)
I was expecting you to chime in :-)
[*] I have an issue with MONKEYSPROXY because the criteria for removal
isn't "just fix the open socks or proxy and ask for retest" - because
asking for the retest has other extraneous requirements.
The UPL re-testing/de-listing requirements are detailed here:
http://www.monkeys.com/upl/delisting-policy.html
They are reasonably trivial to satisfy... unless you are a complete
dumbshit and/or unless your ISP is totally worthless and totally
unresponsive, even to YOUR requests for assistance.
I'm half expecting/dreading this to turn into a long protracted
discussion. Ron and I have had this conversation before, and I don't
expect my comments here will change his mind. So, I'm going to say my
piece as it pertains to general principles of spam control and then shut
up on this subject.
In my view, the criteria for "delisting" an IP in a blacklist should be
the exact reverse of the criteria for "listing". This is true in most
blacklists. Not true for Monkeys - it's saving grace _so_far_ is
simply that it _is_ very effective (partially due to us, as you'll
recall, Ron). But this will degrade over time given your delisting
criteria.
I agree with your remark about ISPs. But, that's not the point. The
goal of any anti-spam "technique" is to stop spam, not to to attempt to
enforce "best practises" which are unrelated to the technique, and are
at best only indirectly addressing spam. As such, a list where being
listed means "you're an open proxy", being delisted should mean "you're
no longer an open proxy", not "you're no longer an open proxy, and your
provider isn't an idiot".
For our purposes in handling false positives, I need to be able to tell
the person who hit the block that "I've triggered a retest" subject only
to issues surrounding, say, OSIRUS's or ORDB's retesting mechanism
glitching and missing a request, not "I tried to, pray your ISP pays
attention, your WHOIS entry is sane, etc".
The UPL isn't strictly a "open proxy/socks" list, it's more of a awkward
combination of "open proxy/socks" plus "RFCIgnorant". Those who want to
use it need to be aware of that fact.
When we hit a MONKEYS block we provide the end-user with the appropriate
link for the sender progressing through your delisting criteria, but I'd
expect the majority of users not be able to complete it successfully.
As I said, it's not a problem in practise yet, because we automatically
whitelist hits in "security lists" (open relay, proxy, socks) unless we
have reason to believe that the IP in question is actively spewing spam
_now_.
However, as the UPL gets older (it's only a few months old), and more
and more entries become out-of-date because of the delisting
requirements, we may have to rethink all of our interactions with it.
Hummmm.... <<pulls out slide rule>>... So only about 1/90th of your
whitelist requests arise due to your use of the UPL, but the UPL is
stopping half, or more than half of your incoming spam.
As I mentioned, I expect this to degrade over time. BOPM by itself is
almost as effective as Monkeys, and it doesn't have this problem - it
can't degrade into a list of "stupid providers" instead of "open
proxies/socks".
As for BOPM - only two "false positive" reports over a period several
months longer than we've been using Monkeys.
They were really open at the time and spewing spam. We got the sites
fixed and delisted.
In other words, we've not seen a FP due to BOPM's entries being stale
yet. At least half of those with the UPL were stale and no longer valid.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Re: [Asrg] A method to eliminate spam, (continued)
- RE: [Asrg] A method to eliminate spam, John Rumpelein
- Re: certs aren't the answer, was [Asrg] A method to eliminate spam, John R. Levine
- Message not available
- Re: [Asrg] A method to eliminate spam, meor
- Re: [Asrg] A method to eliminate spam, Kee Hinckley
- Re: [Asrg] A method to eliminate spam, Daniel Feenberg
- Re: [Asrg] A method to eliminate spam, Kee Hinckley
- Re: [Asrg] A method to eliminate spam, Chris Lewis
- Re: [Asrg] A method to eliminate spam, Ronald F. Guilmette
- Re: [Asrg] A method to eliminate spam,
Chris Lewis <=
- Re: [Asrg] A method to eliminate spam, Matt Sergeant
- Re: [Asrg] A method to eliminate spam, Chris Lewis
- Re: [Asrg] A method to eliminate spam, Matt Sergeant
- Message not available
- Re: [Asrg] A method to eliminate spam, meor
- Re: [Asrg] A method to eliminate spam, Ronald F. Guilmette
- Re: [Asrg] A method to eliminate spam, meor
- Rant: [Asrg] digital nonsense, Alan DeKok
- Re: [Asrg] A method to eliminate spam, Ronald F. Guilmette
- Re: [Asrg] A method to eliminate spam, meor
- Re: [Asrg] A method to eliminate spam, Ronald F. Guilmette
|
|
|