I just had another conflict with a debatable anti-spam configuration. I think it was debatable rather than obviously wrong, so I’m not going to rant about the specific setup, but while discussing it with other postmasters, the following two Domain Name Service Blacklist (DNSBL) facts surprised me:
- UCEPROTECT3 can be evaded if you pay them EUR 75 every 2 years. UCEPROTECT is a German organisation but refuses to publish the details usually found on an Impressum so you could be funding spammers, for all you know. Their four suggestions to stop spam (no C-R, rate limits, block port 25, refuse to sell) seem so unlikely to stop spam it’s either naïve or insincere.
- SORBS asks ISPs to pay USD 50 to get delisted from the SORBS SPAM database. It’s to charity rather than SORBS, but it still seems like a protection racket. Spammers can get out of jail for a few dollars?
Those lists both seem quite trigger-happy to me, which isn’t surprising as these payment demands encourage listing first and asking questions later. It means I won’t be using these two lists anywhere soon.
The problem with UCEPROTECT that entire Brazilian ASN are listed. I think entire Brazil is listed there so.
This is real problem, because one bad user in the same IP class can mess with others good users.
SORBS apparently no longer charges for removal, see http://lists.ausnog.net/pipermail/ausnog/2010-October/008660.html et seq. for full details.
I browsed the thread and http://lists.ausnog.net/pipermail/ausnog/2010-October/008704.html seems to say that, but the email is unsigned and the website still say otherwise. Confusing. At best, SORBS seems trigger-happy and dysfunctional.