spamsources.fabel.dk


spamsources.fabel.dk

dln
Testing my email domain reveals all the DMARC, SPF, etc, recs are
correct and working.

However, there is one blacklist that lists my domain/IP-address, and has
done for some time. (so there's no time-out for good behavior then! I've
had the IPaddr for some years, but who knows what was happening before
then?)

When I follow the instructions and attempt a "Delist request for
spamsources.fabel.dk" they quickly assure me that they won't spam me,
but seem to demand a GMail account. So, one security issue (spam) is
traded for another (tracking).

Are these people part of Google?
Do you know of some other way to contact them using a secure and private
email account?
Is their blacklist widely used anyway?
--
Regards,
=dn

Re: spamsources.fabel.dk

Vincent Pelletier
On Fri, Dec 4, 2020 at 11:26 AM David Neil <[hidden email]> wrote:
> When I follow the instructions and attempt a "Delist request for
> spamsources.fabel.dk" they quickly assure me that they won't spam me,
> but seem to demand a GMail account. So, one security issue (spam) is
> traded for another (tracking).
>
> Are these people part of Google?
> Do you know of some other way to contact them using a secure and private
> email account?
> Is their blacklist widely used anyway?

Unpopular opinion time: this specific DNSBL single-handedly managed to
convince me, a lowly email admin trying to be good, that DNSBLs are trying
to make me do their work for them.

They blacklist entire hosting companies' subnets, despite the subnets hosting
independently-administrated servers: I'm not the hosting company, so how
can I request unlisting and answer "what steps were taken to fix the issue" in
good faith ?
They suggest using Mandrill as a reputable SMTP relay, and then manage to
blacklist some of Mandrill's own outgoing IPs.

So to be able to use emails I have to fight for the reputation of my server's IP
(fair enough), fight my paid-for server's hosting company subnet reputation
(so I guess I need to migrate my services from provider to provider every time
there has been mass infections by a spam worm in that specific corner of
the internet), fight my paid-for email relay outgoing server reputation (so even
the solution recommended by the very DNSBL is being blocked), and then
spend unpaid time curating their list for them so it can be used by even more
inbound filters and they can cause me more headaches the next time
they fancy ? All the while my users cannot discuss with their customers and
providers which rely on this list (without even realising it) ?

Sure, they can count on it and drink water.
--
Vincent Pelletier

Re: spamsources.fabel.dk

Viktor Dukhovni
In reply to this post by dln
On Fri, Dec 04, 2020 at 03:24:48PM +1300, David Neil wrote:

> Do you know of some other way to contact them using a secure and private
> email account?  Is their blacklist widely used anyway?

Unlikely... Just ignore them.  Receiving systems should choose their
RBLs with care.  Use of marginal exotic RBLs is not recommended.

--
    Viktor.

Re: spamsources.fabel.dk

dln
In reply to this post by Vincent Pelletier
On 04/12/2020 16:11, Vincent Pelletier wrote:

> On Fri, Dec 4, 2020 at 11:26 AM David Neil <[hidden email]> wrote:
>> When I follow the instructions and attempt a "Delist request for
>> spamsources.fabel.dk" they quickly assure me that they won't spam me,
>> but seem to demand a GMail account. So, one security issue (spam) is
>> traded for another (tracking).
>>
>> Are these people part of Google?
>> Do you know of some other way to contact them using a secure and private
>> email account?
>> Is their blacklist widely used anyway?
>
> Unpopular opinion time: this specific DNSBL single-handedly managed to
> convince me, a lowly email admin trying to be good, that DNSBLs are trying
> to make me do their work for them.
>
> They blacklist entire hosting companies' subnets, despite the subnets hosting
> independently-administrated servers: I'm not the hosting company, so how
> can I request unlisting and answer "what steps were taken to fix the issue" in
> good faith ?
> They suggest using Mandrill as a reputable SMTP relay, and then manage to
> blacklist some of Mandrill's own outgoing IPs.
>
> So to be able to use emails I have to fight for the reputation of my server's IP
> (fair enough), fight my paid-for server's hosting company subnet reputation
> (so I guess I need to migrate my services from provider to provider every time
> there has been mass infections by a spam worm in that specific corner of
> the internet), fight my paid-for email relay outgoing server reputation (so even
> the solution recommended by the very DNSBL is being blocked), and then
> spend unpaid time curating their list for them so it can be used by even more
> inbound filters and they can cause me more headaches the next time
> they fancy ? All the while my users cannot discuss with their customers and
> providers which rely on this list (without even realising it) ?
>
> Sure, they can count on it and drink water.


Evidently we share frustration.

The 'silent drop' bothers me - the message author went to some trouble
to write. Does (s)he deserve such treatment? Who takes responsibility
for the 'damage' breaking the author-reader relationship? (personal or
business)

The undeniable need is to stop the flow of garbage. Yes, I'm in-favor of
that! So, it is justified (reading some of the BL outfits' notes) that
fake-messages are not returned to unwitting email accounts, because it
adds to traffic volume/nothing they can do/etc - or is it?

We have to jump-through-hoops in order to build an email server that
works responsibly. The SPF/DKIM/DMARC processes clearly link domain (if
not account) and IP address. So, surely there is a clear difference
between some 'bad actor' spoofing my email address and sending spam from
his IP, and me sending 'legal' messages from my IPaddr? Accordingly, why
are such email 'control systems' not used to differentiate when it comes
to providing (valuable!) feedback? eg Sorry dn, we have received this
message from the correct SMTP-server, but that IPaddr appears in our
black-list...


Surely, the idea of lumping-together everyone using a hosting provider,
VPS, or cloud service is pure laziness? Alternately, arrogance: 'my
clients will believe me before they believe you'? That they then make it
difficult for the innocent to seek clarification seems obstructive. One
could even argue that before being found 'guilty', a message to
abuse@domain-in-question would enable one to mount a 'defence'.


The world (well, maybe not places like America) is moving to the
expectation that digital-leaders be held to a more responsible standard
and more reasonable behavior. Customer first?
--
Regards =dn

Re: spamsources.fabel.dk

Vincent Pelletier
On Thu, 10 Dec 2020 08:38:30 +1300, David Neil <[hidden email]> wrote:
> Evidently we share frustration.

This is an understatement :) .
Just seeing the subject of your original email made my blood pressure
go all over the place.

> The 'silent drop' bothers me - the message author went to some trouble
> to write. Does (s)he deserve such treatment? Who takes responsibility
> for the 'damage' breaking the author-reader relationship? (personal or
> business)

I'm not sure what the "silent drop" is about...
Some recipient server is set up to pretend-accept your emails when you
are listed on that DNSBL ?

Because AFAIK the DNSBL, for all my negativity about them, do not
mandate any special treatment in case of positive match. If the mail
admin decided to trust that specific DNSBL and use pretend-accepts, I
would suggest they do not show a habit of making sane configuration
choices.

> The undeniable need is to stop the flow of garbage. Yes, I'm in-favor of
> that! So, it is justified (reading some of the BL outfits' notes) that
> fake-messages are not returned to unwitting email accounts, because it
> adds to traffic volume/nothing they can do/etc - or is it?

This would be backscatter spam I guess. The modern solution to this is
SMTP-transaction-time rejection rather than bounces. It should not
require pretend-accepts.

> We have to jump-through-hoops in order to build an email server that
> works responsibly. The SPF/DKIM/DMARC processes clearly link domain (if
> not account) and IP address. So, surely there is a clear difference
> between some 'bad actor' spoofing my email address and sending spam from
> his IP, and me sending 'legal' messages from my IPaddr?

Nobody is exempt from a compromised account or a compromised machine,
so I do recognise a need beyond SPF/DKIM/DMARC.
But not everybody has what it takes to be a good DNSBL, and not all
DNSBL should be treated equally. Some are just in it way above their
head in how clean they can keep their list of false positives and/or
false negatives.

In my experience, recipients do not realise they are relying on
such 3rd-parties they themselves have no control over. They do not have
a contract with the DNSBL, so there is nothing to denounce, so it does
not exist.

> Accordingly, why
> are such email 'control systems' not used to differentiate when it comes
> to providing (valuable!) feedback? eg Sorry dn, we have received this
> message from the correct SMTP-server, but that IPaddr appears in our
> black-list...

Sadly, in such arms race details are ammunition. Giving them to the
unauthenticated is letting them poke around to find the next weakness.

I would rather argue that accountable mail admins would be a huge gain:
the recipient entity, if a legitimate email got lost, should review
their mail filtering practices. Which means they must not be vulnerable
to BOFH gaslighting them about what an acceptable filtering policy is,
which requires technical literacy about emails beyond the direct admin.
And I am happy to submit to this myself (then again, I'm in a small
tech company which had sane email policies from way before I joined).

Then, complaints can follow the contract: sender can complain that
recipient is losing their emails, which prevents them from fulfilling
the contract. Recipient puts their email admin in relation with the
unhappy sender, they are now not anonymous anymore, useful details get
exchanged, the badmouthing DNSBL nobody has a contract with anyway is
finally cast away, the cowboy gallops towards the setting sun, the end.
--
Vincent Pelletier
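
An added illustration of two points made in the thread so far: weighing DNSBLs instead of trusting any single one, and rejecting during the SMTP transaction rather than pretend-accepting. It is not part of the original messages; the zone names, weights and DNS answers are constructed, and `resolve` stands in for a real A-record lookup.

```python
import ipaddress

# Hypothetical zones and weights (assumptions, not taken from the thread).
ZONES = {"trusted.dnsbl.example": 3, "marginal.dnsbl.example": 1}
THRESHOLD = 3  # reject only when the summed weight reaches this value
LISTED_NET = ipaddress.IPv4Network("127.0.0.0/8")


def dnsbl_query_name(ip, zone):
    """Reverse the IPv4 octets and append the zone: 192.0.2.10 -> 10.2.0.192.<zone>."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def listed(ip, zone, resolve):
    """A listing is an A record inside 127.0.0.0/8; any other answer is ignored."""
    answers = resolve(dnsbl_query_name(ip, zone))
    return any(ipaddress.IPv4Address(a) in LISTED_NET for a in answers)


def smtp_verdict(ip, resolve, zones=ZONES, threshold=THRESHOLD):
    """Return a 5xx reply to send in-transaction, or None to let the mail through."""
    hits = [z for z in zones if listed(ip, z, resolve)]
    score = sum(zones[z] for z in hits)
    if score >= threshold:
        # The sender's server sees this reply, so nothing is silently dropped
        # and no bounce is generated towards a possibly forged address.
        return f"554 5.7.1 Client host [{ip}] rejected: listed by {', '.join(hits)}"
    return None


# Constructed DNS answers: .10 is only on the marginal list, .20 is on both.
FAKE_DNS = {
    "10.2.0.192.marginal.dnsbl.example": ["127.0.0.2"],
    "20.2.0.192.trusted.dnsbl.example": ["127.0.0.2"],
    "20.2.0.192.marginal.dnsbl.example": ["127.0.0.2"],
}


def fake_resolve(name):
    return FAKE_DNS.get(name, [])  # empty list models NXDOMAIN (not listed)


if __name__ == "__main__":
    for client in ("192.0.2.10", "192.0.2.20", "192.0.2.30"):
        print(client, smtp_verdict(client, fake_resolve) or "accepted")
```

With these weights a hit on the marginal list alone never causes a rejection, which is the situation the original poster describes.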

Re: spamsources.fabel.dk

@lbutlr
On 10 Dec 2020, at 03:58, Vincent Pelletier <[hidden email]> wrote:
> On Thu, 10 Dec 2020 08:38:30 +1300, David Neil <[hidden email]> wrote:
>> Evidently we share frustration.
>
> This is an understatement :) .
> Just seeing the subject of your original email made my blood pressure
> go all over the place.

One of the early blacklists was called SPEWS and it had a similar model as what it appears this one is using, where it decides to ban an entire network as punitive punishment for one spammer. They also did not have a good track record of dealing rationally with people who were not spammers and generated a lot of ill-will. I was on a fixed IP on a class C that was listed by SPEWS because a user hacked into an entirely different system on a different domain and sent out a bunch of spams. The ISP shut down the connection quickly, cleaned the system, and the spam stopped. The entire class C was listed for months.

<https://en.wikipedia.org/wiki/Spam_Prevention_Early_Warning_System>

I'd check mxtoolbox and check your blacklists listing there. If there are other non-FABEL hits, then definitely try to fix your setup. If it's just FABEL, move along.
 
> I'm not sure what the "silent drop" is about...
> Some recipient server is set up to pretend-accept your emails when you
> are listed on that DNSBL ?

Some setups do this. Certainly before postscreen if I received mail and SA scored it above a certain level the mail was effectively silently dropped. (Not in point of fact, it was recoverable for a week, just in case, but it was not delivered to the target account).

I've seen a lot of comments about lack of response, lack of consistency, and lack of removal from this RBL. Sadly, there's nothing you can do about an incompetent RBL or the people who use it.

--
'People need vampires,' she [Granny] said. 'They helps 'em remember
        what stakes and garlic are for.' --Carpe Jugulum


Re: spamsources.fabel.dk

Bill Cole-3
On 10 Dec 2020, at 6:48, @lbutlr wrote:

> On 10 Dec 2020, at 03:58, Vincent Pelletier <[hidden email]>
> wrote:
[...]
>> I'm not sure what the "silent drop" is about...
>> Some recipient server is set up to pretend-accept your emails when you
>> are listed on that DNSBL ?
>
> Some setups do this. Certainly before postscreen if I received mail
> and SA scored it above a certain level the mail was effectively
> silently dropped. (Not in point of fact, it was recoverable for a
> week, just in case, but it was not delivered to the target account).

That's entirely due to a conscious choice in the design of the receiving
system in how SpamAssassin has been integrated. It is NOT an inherent
behavior of SA, which only scores messages and does not itself implement
any sort of message disposition. For as long as Postfix has had
before-queue filtering, it has been able to avoid the no-winners contest
between "silent drop," "silent quarantine," and "backscatter," no matter
which tactics are being used by filtering tools.

--
Bill Cole
[hidden email] or [hidden email]
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire

Re: spamsources.fabel.dk

@lbutlr
On 10 Dec 2020, at 07:12, Bill Cole <[hidden email]> wrote:
> On 10 Dec 2020, at 6:48, @lbutlr wrote:
>
>> Some setups do this. Certainly before postscreen if I received mail and SA scored it above a certain level the mail was effectively silently dropped. (Not in point of fact, it was recoverable for a week, just in case, but it was not delivered to the target account).
>
> That's entirely due to a conscious choice in the design of the receiving system in how SpamAssassin has been integrated. It is NOT an inherent behavior of SA,

Yes of course, I did not mean to imply this was SA doing it, I thought that was clear.

--
7-Up? What happened to Ups 1-6?