From: Keith Moore <moore(_at_)cs(_dot_)utk(_dot_)edu>
...
His mate is a wise man. RBLs are a really terrible idea, and they've
caused a lot of valid mail to be rejected. There's really no way to
reliably determine that a message is spam based on the IP address or
sender's domain name. The most you should do with RBLs is delay or
rate-limit mail from the blacklisted sites, you should never reject
such mail.
..
It's never clear to me what Keith Moore means by "RBL" when he repeats
that claim. Those three letters are a registered service mark for a
product that historically has been run so conservatively that claims
that should not be used to reject mail sound silly. You would certainly
want to do more than just rate limit Cyberpromo's spam.
He might be referring to other DNS (or BGP) distributed, more or less
real time blacklists. Depending on which of the zillions of lists he
is talking about, his claim is either entirely accurate or even worse
than it would be if it refers to MAPS's RBL(sm). Some DNS blacklists
are at best used for scoring and only by those who don't mind affecting
legitimate email. Other DNS blacklists have false positive rates
(legitimate rejected/total legitimate) below 0.01% that allow them to
be used by corporations that would rather receive 1000 spam than reject
one legitimate message.
If his claim refers to private blacklists, then it is obvious nonsense.
There are many IP addresses (e.g. WholesaleBandwidth's /18) that will
never send mail that anyone but a spammer wants delivered for the
foreseeable future. Then there are private blacklists of domain names
that are undeniably valid targets of complete blacklisting, starting
with Cyberpromo.com.
The clear and undesputed (except by spammers and some others with
special interests) consensus is that blacklists are undesirable but
entirely legitimate, useful, and often necessary mechanisms for dealing
with network abuse by rejecting, not just delaying mail. The buyer
(or user) must beware, but Keith Moore blanket condemnation of "RBLs"
is simply wrong. His apparent claim that SMTP servers must accept
mail from everywhere as much sense as claims R. Stallman's complaints
20 years ago closed telnet ports.
Note none of the SMTP servers I run use any DNS (or BGP) SMTP
blacklists. He's not trying to gore any of my oxen.
Vernon Schryver vjs(_at_)rhyolite(_dot_)com