In
<C6DDA43B91BFDA49AA2F1E473732113E0A190B(_at_)mou1wnexm05(_dot_)vcorp(_dot_)ad(_dot_)vrsn(_dot_)com>
"Hallam-Baker, Phillip" <pbaker(_at_)verisign(_dot_)com> writes:
You better believe they do. Some of the big ones have been
the target of
multiple lawsuits.
Perhaps best to leave the running of such servers to hard to pin down
groups such as SPEWS, eh?
Not really, some of the lawsuits were entirely justified. One blacklist
listed its own ISP when they demanded payment of unpaid bills.
I'm not sure what your "Not really" comment is replying to. While I
agree that there have been a large number of very badly run DNSBLs out
there, this doesn't change the fact that some of the best known DNSBLs
have been the target of multiple lawsuits.
The reason to DNSBLs to be hard to pin down is very easily expanded
by your further comments of:
none of the blacklists have adequate resources to defend against them.
So a 'dow-corning' type legal attack where the sheer number of suits
brought pushes the defendant into bankruptcy regardless of the merits is
a real risk. But not all of the suits brought are without merit.
So, there ya are. Running a public SPF server opens you up to a
'dow-corning' type legal attack.
If a blacklist takes it into their head to list my connection under the
idiotic theory of 'collateral damage' they are very likely to receive a
lawsuit for contractual interference. Try it sometime it really works.
Uh huh. This is very close to being a cartooney. Go make similar
posts over on NANAE and you will be listed in some (private) DNSBLs.
Then you will have a chance to put your money where your mouth is.
There is a reason MAPS settled many of those early lawsuits, the
companies that brought them were not selling penis potions or the like.
Maps won most of their lawsuits, and settled a few. It was costly for
them though.
The big problem with the blacklists is that they demand that the world
be accountable to them but they absolutely refuse to be accounable to
anyone but themselves. They make up the rules, they decide how to
implement them, they refuse to be held accountable for the consequences.
Uh, DNSBL operators publish an opinion. There is no demand, and there
is no reason why they should be accountable to anyone for their
opinions.
I have yet to see anyone say that they would use SPEWS as an actual
blacklist.
Pop on to NANAE or NANAB sometime. Apparently there are not only a
lot of people blocking email using SPEWS, but the number appears to be
growing.
It does get used in some scoring systems, but anyone using it
for real would lose much of their legitimate email.
When I used to use SPEWS (I don't any more), I used it via
SpamAssassin for scoring. However, the false positive numbers from
SPEWS is amazingly low, considering how aggressive they are. You don't
quantify "much", but I doubt that you would lose over 1%. That may be
"too much" for many people, but you seem to imply that you would lose
much more.
For all the net
knows SPEWS could be run by a spammer, they could take their spam
sources off the list whenever they want to spam but list the addresses
of their competition.
Yeah, I've heard that paranoid claim before, but even if SPEWS is run
by a spammer, the fact that it blocks a lot of spam is still useful.
Other DNSBLs can block the "spammer who runs SPEWS".
I think that the blacklist idea has pretty much run its course at this
point. Filtering is a much more powerfull idea.
I strongly disagree that DNSBLs are fading out. All evidence that I
have is that their use is growing. More importantly, the number of
well-run and effective DNSBLs is growing. The CBL is very new, but
also very good.
The 'blacklists' used by
the big ISPs today are internal lists that are simply IP addresses that
have been the source of large quantities of mail tagged as spam by the
filters.
Uh huh. So, DNSBLs are used by the big ISPs, they are just harder to
pin down.
-wayne