
[SpamCop-List] Re: Open Proxy SCBL Rules

K. Crocker nobody at spamcop.net
Thu Feb 3 09:04:32 EST 2005


Bert Driehuis wrote:

> K. Crocker wrote:
> 
>> If the open proxy determination was simple and bulletproof, I don't 
>> see a reason why it shouldn't be used to prevent known chronic repeat 
>> offenders from moving back into my neighborhood, to borrow from a 
>> different analogy.
> 
> 
> John Malmberg addressed most concerns I had with the original posting, 
> so this is just a minor addition.
> 
> Determining that IP address X is an open proxy is not trivial. Proxies 
> are known to migrate from IP address to address as DHCP leases get 
> renewed, they're known to migrate from TCP port to port (and, to add 
> insult to injury, do so under the control of the spammer), and they are 
> notoriously flaky, especially under the load the spammers put on them.
> 
> Both DSBL and opm.blitzed.org require reporters to prove the 
> vulnerability by having the system connect to the listing service, and 
> at the best of times 80% of IP/port combinations result in a listing. 
> Actual conversion rates are closer to 40% for a variety of reasons. A 
> ten minute delay between discovering a vulnerability and reporting it 
> can blow the listing.
> 
> If your ISP used both blitzed and DSBL in addition to the Spamcop BL 
> you'd be golden. My personal estimate is that the Spamcop BL is the most 
> aggressive of the three, once dynamic IP space is taken out of the 
> equation.

First, let me thank both of you for your comments. You are obviously 
both more knowledgeable than me and I appreciate the time you took to 
educate this neophyte.

I made a request of my ISP to reveal the anti-spam steps they take and 
how effective they are at blocking spam. My ISP was recently acquired 
by another company, so it's unclear (at least to me) whether their 
methods are consistent across both companies' servers. Their reply was 
terse:

> Currently, we use a number of RBLs:
> 
> sbl.spamhaus.org
> bl.spamcop.net
> dnsbl.njabl.org
> list.dsbl.org
> relays.ordb.org
> dynablock.njabl.org
> dnsbl.sorbs.net
> cbl.abuseat.org

I'd appreciate your comments based on this list. Like I said in a 
previous post, I'm still getting at least 40 spam a day, but I have no 
idea how many are blocked (I asked and they didn't tell). They have 
generally been a reliable ISP over the years, but sometimes they lack a 
certain attention to detail. For example, when I sent my info request 
to the advertised support address, it bounced with:

550 5.1.1 /usr/home/hostmaster/.forward: line 5: ~... User unknown

Fortunately, their phone works!

Regards,
    Ken Crocker

