ietf-smtp

Re: Best practices to avoid virus and spam

2004-02-12 07:58:39


----- Original Message ----- 
From: "Keith Moore" <moore(_at_)cs(_dot_)utk(_dot_)edu>
To: "Hector Santos" <winserver(_dot_)support(_at_)winserver(_dot_)com>
Sent: Thursday, February 12, 2004 8:48 AM
Subject: Re: Best practices to avoid virus and spam



What period of time is this?  And how do you correct yourself?  How
does the system report you that it is fixed itself?

My guess is that an appropriate period of time would range from several
hours to a day or so.  Most mail is retried for a few days, so as long
as the problem is fixed then legitimate mail should be able to get
through.

My research has shown at least 30 days was the average.  I can show you the
analysis if warranted.

REALITY is that RBLs block legitimate mail and contribute significantly
to the failure rate of the mail system.  And no, we shouldn't
standardize that part of reality.

I agree.  There are many people who are incorrectly blacklisted.  Our experience
is that top people are legitimate, quickly find out and get unlisted pretty
quickly.  Some of the better sites will double check before adding the IP
reported by someone.

What I'm proposing is that we encourage measures like this - that are
based on information from reliable sources - as alternatives to some of
the less reliable ad hoc measures that are currently in use.

I agree that RBL is like a "wish it wasn't necessary" type of thing.  I mean
I didn't add it until the SPAM issue was becoming a real problem for
customers and when I did, I cringed at the need to add a "kludge" which
could not be done with SMTP compliant/policy or method, i.e., more official.

MAPS was the first site I believe, and it was the one we added first.  It
was a bonus that it had an "Official Reputation" or Commercial aspect to it.
It was a bonus in any promotion we would be making.  But it was off by
default.  Didn't want customers saying "Hey, what's all these pings!" to this
site?

When relays.osirusoft.com came along, I believe it offered the best results,
so good, it became the default site for our setup.

However, it was also so good, it was a prime target for a dual DoS offensive
attack when SOBIG was released.  But because it was not an "official"
commercial site, with no beholdings to "customers," the site owner took
vengeance and rejected all ping requests to it.

So sure, why do something we really shouldn't have to be doing?

I agree some standardization of the RBL sites should be done.  They are here
to stay.

-- 
Hector Santos, Santronics Software, Inc.
http://www.santronics.com