DNS Blacklists Suck

Note: This entry has been restored from old archives.

In a passive effort to “fight spam” I made some changes to my filtering. First I configured postfix to use a few reputable blacklists, four in total; second I started using several of the RulesDuJour SA rules.

This has worked fairly well, I’m not getting much spam hitting my main mailboxes now. But I’m now down to two blacklists, why? Because dnsbl.sorbs.net and bl.spamcop.net have had to be removed because they block important legitimate email. Mail from some family members who use Hotmail has been blocked by SORBS and mail from some online services that use Yahoo servers has been blocked. Causing Yahoo and Hotmail servers to be blocked is not good; I understand the argument that “if they allow spam to be sent they should be blocked” but I cannot agree with it in practice. It is just too inconvenient – and if you make things inconvenient people won’t use them. While you may hope that it makes using Hotmail a pain in the arse and thus not used, the truth is it’ll make use of your blacklist the PITA and it’ll be dropped well before people stop using one of the world’s most popular email services. (Just try explaining to a tech-illiterate Hotmail user that they should stop using Hotmail because your mail server blocks their email; watch their eyes glaze over when you attempt to argue that they’re supporting spam by using Hotmail and should stop. I can’t believe I used to actually think like that, Hotmail works for them and it works for their family and for all their friends and as far as they’re concerned you can just get back into your little geek hole and die.)

I can see the value in commercially maintained blacklists in this arena: a company that needs to sell a blacklist is going to make sure that there is a balance between the effectiveness of their lists and the potential inconvenience caused. Ordered, well thought out and, ultimately, profit-margin driven goals can sometimes beat fanaticism. Unfortunately I can’t use their blacklists for free on my little server and life is expensive enough without paying for a list of numbers. It’d be nice for a company to make lists free for small users for “the good of the Internet”; but the big profits lie in the millions of small users who’ll pay a little and not the thousands of big users who’ll pay a lot.

What makes it sadder is that of the 143 emails blocked in the last 40 hours only one has been from a Yahoo server and it was legitimate. I’m forced to lose all the good entries in the SpamCop blacklist because of a minority of bad ones that make their services unusable.

No complaints about RulesDuJour by the way, I’m happy with that so far (almost all the spam that gets through the blacklists is caught and no false-positives so far, and the difference with a SpamAssassin rule as opposed to an MTA blacklist is that even if you do have an FP you still have the email in quarantine!). I’m still using SORBS and SpamCop but they’re in SpamAssassin now, they’ve lost their ‘very good spam indicator’ privileges.
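The difference between the two placements, as an added sketch that is not part of the original post: the same DNSBL lookup used as a hard reject at the MTA and as one weighted signal in a scoring filter. The zone names are the two from the post; the weights, threshold, addresses, return values and the `FAKE_DNS` table are constructed assumptions, not real listings or SpamAssassin's own scores.

```python
import ipaddress

# Zones named in the post; weights and threshold are illustrative assumptions.
MTA_ZONES = ["dnsbl.sorbs.net", "bl.spamcop.net"]
SCORE_WEIGHTS = {"dnsbl.sorbs.net": 2.0, "bl.spamcop.net": 2.0}
QUARANTINE_AT = 5.0
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")

def query_name(ip, zone):
    """DNSBL convention: reverse the IPv4 octets and append the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def listed(ip, zone, resolve):
    """Listed if the name resolves into 127.0.0.0/8; None models NXDOMAIN."""
    answer = resolve(query_name(ip, zone))
    return answer is not None and ipaddress.IPv4Address(answer) in LISTED_NET

def mta_reject(ip, resolve):
    """Hard block at SMTP time: any listing rejects and no copy is kept."""
    if any(listed(ip, zone, resolve) for zone in MTA_ZONES):
        return "rejected"
    return "delivered"

def scored(ip, content_score, resolve):
    """A listing only adds to the content score; the mail is kept either way."""
    hits = sum(w for z, w in SCORE_WEIGHTS.items() if listed(ip, z, resolve))
    return "quarantined" if content_score + hits >= QUARANTINE_AT else "delivered"

# Constructed stand-in for DNS, using documentation address ranges.
FAKE_DNS = {
    "10.2.0.192.dnsbl.sorbs.net": "127.0.0.2",    # shared webmail relay
    "77.113.0.203.dnsbl.sorbs.net": "127.0.0.2",  # spam source
    "77.113.0.203.bl.spamcop.net": "127.0.0.2",
}
resolve = FAKE_DNS.get

if __name__ == "__main__":
    samples = [("family mail via webmail", "192.0.2.10", 0.3),
               ("spam", "203.0.113.77", 4.1),
               ("unlisted sender", "198.51.100.5", 0.1)]
    for label, ip, content in samples:
        print(f"{label}: MTA={mta_reject(ip, resolve)} "
              f"scored={scored(ip, content, resolve)}")
```

The legitimate message from the listed webmail relay is lost under the MTA policy but delivered under scoring, while the spam is stopped by both.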

The two remaining blacklists are DSBL and SpamHaus… we’ll see how long they last.