Terry Zink: Security Talk

Discussing Internet security in (mostly) plain English

My take on blacklists - what's known, what's misunderstood and what's too good to be true


One of the stories that is circulating around the Internet this week is the announced imminent closure of the SORBS blocklist.  Al Iverson of SpamResource has a good summary of it.  SORBS has had its share of criticism in the past, however.  From Wikipedia:

Spam database removal procedure

In order for IP addresses that have spammed in the past to be removed from the spam database, SORBS requires what it calls a "fine" in the form of a US$50 donation to a registered charity. This donation is only required for deletions from the spam database that have not expired automatically, and it is waived both for IP addresses that have been reallocated elsewhere or if the ISP implements outbound content-based spam countermeasures.  However, because of these requirements, SORBS's removal procedure has been compared to extortion, but SORBS says it is not.

In the antispam community, this particular blocklist has had its detractors who say that dealing with the list has been a nightmare.  On the opposite end, others say that the list has been nothing but professional with them.

I won't comment or give my particular opinion on SORBS.  Rather, the announced closure of the list has prompted me to finally start a small mini-series on a topic that has been floating about in my head for several months now: what does it take to set up and run an RBL?  And, more importantly, what does it take to maintain an RBL?

The goal of this series is to examine what goes on behind the scenes of compiling and maintaining an RBL.  We've run a private one for three or four years now and maintaining it has been no picnic.  Things break down, disks run out of space and the people who wrote the original scripts (in three days with tons of bugs) move on.  Thus, I suppose one could call this the Complete Guide to Running a Blocklist in the Real World.

Remember, I deal with reality.  Because we run a service, we know who our blocklists affect and that it impedes real mail flow.  We also deal with actual complaints and our policies are affected accordingly.  It should be a good series.

  • Just a note: Are you aware of the documents coming out of the IRTF's AntiSpam Research Group (ASRG)?

    DNS Blacklists and Whitelists

    http://tools.ietf.org/html/draft-irtf-asrg-dnsbl-08

    This describes how DNSBLs work, technically, and specifically says nothing about management and policies.  It was approved as an informational RFC in December, but seems to have stalled; I've just pinged the Area Director to see what's happened.

    Guidelines for Management of DNSBLs for Email

    http://tools.ietf.org/html/draft-irtf-asrg-bcp-blacklists-05

    This is the one that talks about management of DNSBLs.  It's intended as a BCP, but also went into an idle state.  I've sent out an inquiry on that too.
