The Guru College
SPAM and Blacklists
I promise not to turn this blog into a ranting device. I don’t want to be that negative all the time, and there are people who are much funnier than I am, who can sound witty when complaining. I worry that I fall much more into the bitter or cynical side, and I’d like to avoid that. All of that said, however, I’m going to post my 2nd consecutive complaint about a technology issue that really doesn’t have to be as broken as it is. And that technology is blacklists.
For those who don’t know much about them, and the damage they cause, here’s a short summary – a bunch of systems administrators years ago decided that it was too difficult to write logic to block SPAM or other badness coming into their servers, and to just shut off the connection to people who were abusing the internet. A bunch of different people ran different lists, with varying levels of severity – sometimes the administrators were lazy and didn’t list a lot (which limited the effectiveness of the list) or were over zealous (which falsely blocked people who were conducting legitimate business). Many lists were an add-only affair, and once you were listed, it was nigh impossible to get off the list.
To be very clear, I have no problem whatsoever with people making and using these lists for their organizations. In my career I’ve had to block large numbers of addresses for short periods of time to find workarounds to things. What I can’t stand, though, is people who use external blacklists, and blindly follow them. The one that came up this week is the Composite Blocking List, a list that is fully automatic based on some criteria their script runs on. They are very proud to note that they don’t list mail servers unless:
the only exception is if the mail server machine itself is infected with a virus, trojan or open proxy of some sort.
Then why have I removed my mail server from the list twice in the last three days? I would love to contact them and find out what the beheivor of my server is that it running afoul of their policy, but alas, it’s really hard to find contact info on their website.