[SpamCop-List] Re: Open Proxy SCBL Rules

[Bert Driehuis]

K. Crocker wrote:

> If the open proxy determination was simple and bullet proof, I don't see 
> a reason why it shouldn't be used to prevent known chronic repeat 
> offenders from moving back into my neighborhood, to borrow from a 
> different analogy.

John Malmberg addressed most concerns I had with the original posting, 
so this is just a minor addition.

Determining that IP address X is an open proxy is not trivial. Proxies 
are known to migrate from IP address to address as DHCP leases get 
renewed, they're known to migrate from TCP port to port (and, to add 
insult to injury, do so under the control of the spammer), and they are 
notoriously flaky, especially under the load the spammers put on them.

Both DSBL and opm.blitzed.org require reporters to prove the 
vulnerability by having the system connect to the listing service, and 
at the best of times 80% of IP/port combinations result in a listing. 
Actual conversion rates are closer to 40% for a variety of reasons. A 
ten minute delay between discovering a vulnerability and reporting it 
can blow the listing.

If your ISP used both blitzed and DSBL in addition to the Spamcop BL 
you'd be golden. My personal estimate is that the Spamcop BL is the most 
aggressive of the three, once dynamic IP space is taken out of the equation.