More censorware stupidity, from the anti-spam camp

[Stanton McCandlish]

Jonathan Wallace's BESS/N2H2 post reminds, me...

A friend of mine runs a "garage ISP", on which I run some mailing
lists.  I got deluged with bounces the other day, all from a new
subscriber.  The mail from the (hi-traffick) list they'd joined was all
being returned, with a notice from that person's ISP saying that the
mail was blocked because the site it was sent from is blacklisted on
the ORBS anti-spam blacklist for running an open mail relay.  Funny
thing is, my friend's little ISP has not run an open mail relay is well
over a year.  Not only that, but ORBS is dead.  The "organization"
folded, and no updates to their blacklists have been published in
months.

The upshot of this is pretty scary, given that an estimated 40% of US
ISPs and 20% of ALL ISPs are using ORBS, MAPS and other.  Your ability
to communicate via SMTP with your friends, family and associates around
the world is largely dependent on sysadmins remembering to dilligently
update their blacklist subscriptions and thinking to ensure that their
chosen blacklist is actually still viable (as much as any of them can
be called that to begin with).  Not only that, but when a
spamcensorware maker kicks the bucket, if your site is blacklisted *it
can never be unblacklisted ever again, from that particular list, for
all eternity* and some site somewhere WILL be using that blacklist, for
years.  Meanwhile innocent list admins get tarred with bounce floods,
people cannot reach who they are trying to mail, and users whose ISPs
don't bother to inform them much less adhere to an opt-in (or even
opt-out) spambouncing policy will not receive mail intended for them
and often never even know about it.

The only thing worse than a blacklist, is a blacklist that is "in-play"
in the real world, but not being corrected.

If/when MAPS dies, this problem is going to *explode*.  Hardly anyone
used ORBS and this has already caused a lot of people severe headaches
that still continue.  But, maybe the problem will be so big if/when
that happens that blacklists will largely be simply abandoned.

NB: I'm not against individual spam filtering - I do it agressively
myself, and subscribe to several group-maintained *invidual-use*
blacklists that I've chosen to trust (more or less).  I'm referring to
ISP-level "stealth blocking", esp. that based on the technical
capabilities of the sending site, rather than said site being a known
spam house.
-- 


--
Stanton McCandlish      mech at eff.org       http://www.eff.org/~mech
Technical Director/Webmaster         Electronic Frontier Foundation
voice: +1 415 436 9333 x105                    fax: +1 415 436 9993
EFF, 454 Shotwell St.                    San Francisco CA 94110 USA

---