How NOT to block spam

Everyone hates sifting through electronic piles of junk mail.  At best, it’s a huge waste of time.  At worst, you can inadvertently open a message that can infect your system with a virus or spyware.  An entire industry has grown out of the desire of individuals and corporations to stop the flood of junk.

While this is generally a good thing, it’s possible to go too far in the wrong direction.

There are a large number of services out there that compile lists of IP addresses of known spammers.  These lists can be useful as part of an overall spam prevention strategy.  When you use one of these services, the service will block messages from IP addresses in their “blacklist.”  However, it’s extremely important to examine where these services obtain their data and how they generate these lists.

What happens if a service you’re using to block spam has a few incorrect IP addresses?  Anyone sending you an e-mail from one of those IP addresses will have it bounced back.

Now what happens when a service decides to take an entire block of 500 IP addresses and ban them because someone with an IP close to yours has been spamming?  You will be unable to send messages to anyone subscribing to the list. 

What if you switch to a new Internet provider and the IP address you’re now using was previously assigned to a spammer, so is blocked?  Same result – you will be unable to send messages to anyone subscribing to the list until you jump through their hoops to get it removed.

A number of these services are established by groups of individuals as “volunteer” organizations.  Most recently we ran into a large one called “SORBS” (Spam and Open Relay Blocking System).  There’s an excellent Wikipedia article describing the service here:

SORBS entry on Wikipedia

One of our clients that uses TDS DSL recently started running into issues sending messages to certain domains.  It turns out SORBS decided to add approximately 500 TDS IP addresses to its blacklist.  Our client did not spam, nor did they have an open relay.  They were just unlucky that someone else with an IP address close to theirs did.  Instead of simply blocking the single IP address causing the issue, SORBS arbitrarily added an entire block of addresses owned by TDS to their system.  In fact, huge companies such as Hotmail, Yahoo and Google have had to deal with incorrect listings on SORBS.

To remove your IP from SORBS is not always an easy matter.  If you Google SORBS you will find many stories of how difficult it can be.  Because SORBS is run by volunteers, and it is a privately maintained list, they answer to no one.

While the goal is noble, SORBS seems to be a company that has pushed too far in the wrong direction.  In fact, some of these organizations are starting to get into legal trouble over these issues.  It’s hard to decide who to root for in situations such as these:

Spamhaus domain name may be suspended

Spamhaus is similar to SORBS in that they maintain a list of IPs that are supposedly used by spammers.  I have not had the pleasure of dealing with Spamhaus, but based on the article above, it sounds extremely difficult to have your IP removed.  In this case the “spammer” actually won an $11.7 million judgment because Spamhaus would not remove them from their list.  Whether the plaintiff in this particular case actually is not a spammer is debatable.

What’s the solution?  People that utilize services such as SORBS and Spamhaus need to run additional checks against the IP addresses on the list.  It’s never a good idea simply to rely on a single source.  There are plenty of services out there.  In fact, DNSStuff.com will display hundreds of lists when you use the site to determine whether your IP is listed on any services.

In addition, the services need to be more responsive to valid user requests for removal from the list. 

Finally, they need to avoid applying overbroad policies when an IP address that is spamming is found.
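
One way a receiving mail server can check several lists before acting, shown as an added example that is not part of the original post.  The zone names, the two-list threshold and the "flag" outcome are assumptions chosen for illustration, and the sample answers are constructed so the code runs offline.

```python
import ipaddress
import socket

LISTED_NET = ipaddress.IPv4Network("127.0.0.0/8")  # DNSBL "listed" answers live here

def dnsbl_query_name(ip, zone):
    """Lookup name for an IPv4 address: octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    """Live DNS lookup; None when the name does not resolve (not listed)."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def is_listed(ip, zone, resolve):
    answer = resolve(dnsbl_query_name(ip, zone))
    # An answer outside 127.0.0.0/8 (wildcard DNS, parked zone) is not a listing.
    return answer is not None and ipaddress.IPv4Address(answer) in LISTED_NET

def verdict(ip, zones, resolve=system_resolver, reject_at=2):
    """Reject only when at least `reject_at` independent lists agree."""
    hits = [z for z in zones if is_listed(ip, z, resolve)]
    if len(hits) >= reject_at:
        return "reject", hits
    return ("flag" if hits else "accept"), hits

# Constructed sample data: placeholder zones and documentation-range addresses.
ZONES = ["bl-a.example", "bl-b.example", "bl-c.example"]
SAMPLE_ANSWERS = {
    "10.2.0.192.bl-a.example": "127.0.0.2",    # on one list only (e.g. a range listing)
    "66.113.0.203.bl-a.example": "127.0.0.2",  # on all three lists
    "66.113.0.203.bl-b.example": "127.0.0.4",
    "66.113.0.203.bl-c.example": "127.0.0.2",
    "7.100.51.198.bl-c.example": "203.0.113.1",  # bogus answer, must be ignored
}

def sample_resolver(name):
    return SAMPLE_ANSWERS.get(name)

if __name__ == "__main__":
    for ip in ("192.0.2.10", "203.0.113.66", "198.51.100.7"):
        print(ip, *verdict(ip, ZONES, sample_resolver))
```

With a policy like this, an address that appears on only one list is held for further checks instead of being bounced outright.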

If you have any questions at all, you can e-mail me at john@itprosusa.com.
