Jonathan Wallace's BESS/N2H2 post reminds, me... A friend of mine runs a "garage ISP", on which I run some mailing lists. I got deluged with bounces the other day, all from a new subscriber. The mail from the (hi-traffick) list they'd joined was all being returned, with a notice from that person's ISP saying that the mail was blocked because the site it was sent from is blacklisted on the ORBS anti-spam blacklist for running an open mail relay. Funny thing is, my friend's little ISP has not run an open mail relay is well over a year. Not only that, but ORBS is dead. The "organization" folded, and no updates to their blacklists have been published in months. The upshot of this is pretty scary, given that an estimated 40% of US ISPs and 20% of ALL ISPs are using ORBS, MAPS and other. Your ability to communicate via SMTP with your friends, family and associates around the world is largely dependent on sysadmins remembering to dilligently update their blacklist subscriptions and thinking to ensure that their chosen blacklist is actually still viable (as much as any of them can be called that to begin with). Not only that, but when a spamcensorware maker kicks the bucket, if your site is blacklisted *it can never be unblacklisted ever again, from that particular list, for all eternity* and some site somewhere WILL be using that blacklist, for years. Meanwhile innocent list admins get tarred with bounce floods, people cannot reach who they are trying to mail, and users whose ISPs don't bother to inform them much less adhere to an opt-in (or even opt-out) spambouncing policy will not receive mail intended for them and often never even know about it. The only thing worse than a blacklist, is a blacklist that is "in-play" in the real world, but not being corrected. If/when MAPS dies, this problem is going to *explode*. Hardly anyone used ORBS and this has already caused a lot of people severe headaches that still continue. But, maybe the problem will be so big if/when that happens that blacklists will largely be simply abandoned. NB: I'm not against individual spam filtering - I do it agressively myself, and subscribe to several group-maintained *invidual-use* blacklists that I've chosen to trust (more or less). I'm referring to ISP-level "stealth blocking", esp. that based on the technical capabilities of the sending site, rather than said site being a known spam house. -- -- Stanton McCandlish mech@eff.org http://www.eff.org/~mech Technical Director/Webmaster Electronic Frontier Foundation voice: +1 415 436 9333 x105 fax: +1 415 436 9993 EFF, 454 Shotwell St. San Francisco CA 94110 USA ---