Testing my email domain reveals all the DMARC, SPF, etc, recs are
correct and working. However, there is one blacklist that lists my domain/IP-address, and has done for some time. (so there's no time-out for good behavior then! I've had the IPaddr for some years, but who knows what was happening before then?) When I follow the instructions and attempt a "Delist request for spamsources.fabel.dk" they quickly assure me that they won't spam me, but seem to demand a GMail account. So, one security issue (spam) is traded for another (tracking). Are these people part of Google? Do you know of some other way to contact them using a secure and private email account? Is their blacklist widely used anyway? -- Regards, =dn |
On Fri, Dec 4, 2020 at 11:26 AM David Neil <[hidden email]> wrote:
> When I follow the instructions and attempt a "Delist request for > spamsources.fabel.dk" they quickly assure me that they won't spam me, > but seem to demand a GMail account. So, one security issue (spam) is > traded for another (tracking). > > Are these people part of Google? > Do you know of some other way to contact them using a secure and private > email account? > Is their blacklist widely used anyway? Unpopular opinion time: this specific DNSBL single-handledly managed to convince me, a lowly email admin trying to be good, that DNSBLs are trying to make me do their work for them. They blacklist entire hosting companies subnets, despite the subnets hosting independently-administrated servers: I'm not the hosting company, so how can I request unlisting and answer "what steps were taken to fix the issue" in good faith ? They suggest using Mandrill as a reputable SMTP relay, and then manage to blacklist some of Mandrill's own outgoing IPs. So to be able to use emails I have to fight for the reputation of my server's IP (fair enough), fight my paid-for server's hosting company subnet reputation (so I guess I need to migrate my services from provider to provider everytime there has been mass infections by a spam worm in that specific corner of the internet), fight my paid-for email relay outgoing server reputation (so even the solution recommended by the very DNSBL is being blocked), and then spend unpaid time curating their list for them so it can be used by even more inbound filters and they can cause me more headaches the next time they fancy ? All the while my users cannot discuss with their customers and providers which rely on this list (without even realising it) ? Sure, they can count on it and drink water. -- Vincent Pelletier |
In reply to this post by dln
On Fri, Dec 04, 2020 at 03:24:48PM +1300, David Neil wrote:
> Do you know of some other way to contact them using a secure and private > email account? Is their blacklist widely used anyway? Unlikely... Just ignore them. Receiving systems should choose their RBLs with care. Use of marginal exotic RBLs is not recommended. -- Viktor. |
In reply to this post by Vincent Pelletier
On 04/12/2020 16:11, Vincent Pelletier wrote:
> On Fri, Dec 4, 2020 at 11:26 AM David Neil <[hidden email]> wrote: >> When I follow the instructions and attempt a "Delist request for >> spamsources.fabel.dk" they quickly assure me that they won't spam me, >> but seem to demand a GMail account. So, one security issue (spam) is >> traded for another (tracking). >> >> Are these people part of Google? >> Do you know of some other way to contact them using a secure and private >> email account? >> Is their blacklist widely used anyway? > > Unpopular opinion time: this specific DNSBL single-handledly managed to > convince me, a lowly email admin trying to be good, that DNSBLs are trying > to make me do their work for them. > > They blacklist entire hosting companies subnets, despite the subnets hosting > independently-administrated servers: I'm not the hosting company, so how > can I request unlisting and answer "what steps were taken to fix the issue" in > good faith ? > They suggest using Mandrill as a reputable SMTP relay, and then manage to > blacklist some of Mandrill's own outgoing IPs. > > So to be able to use emails I have to fight for the reputation of my server's IP > (fair enough), fight my paid-for server's hosting company subnet reputation > (so I guess I need to migrate my services from provider to provider everytime > there has been mass infections by a spam worm in that specific corner of > the internet), fight my paid-for email relay outgoing server reputation (so even > the solution recommended by the very DNSBL is being blocked), and then > spend unpaid time curating their list for them so it can be used by even more > inbound filters and they can cause me more headaches the next time > they fancy ? All the while my users cannot discuss with their customers and > providers which rely on this list (without even realising it) ? > > Sure, they can count on it and drink water. Evidently we share frustration. The 'silent drop' bothers me - the message author went to some trouble to write. Does (s)he deserve such treatment? Who takes responsibility for the 'damage' breaking the author-reader relationship? (personal or business) The undeniable need is to stop the flow of garbage. Yes, I'm in-favor of that! So, it is justified (reading some of the BL outfits' notes) that fake-messages are not returned to unwitting email accounts, because it adds to traffic volume/nothing they can do/etc - or is it? We have to jump-through-hoops in order to build an email server that works responsibly. The SPF/DKIM/DMARC processes clearly link domain (if not account) and IP address. So, surely there is a clear difference between some 'bad actor' spoofing my email address and sending spam from his IP, and me sending 'legal' messages from my IPaddr? Accordingly, why are such email 'control systems' not used to differentiate when it comes to providing (valuable!) feedback? eg Sorry dn, we have received this message from the correct SMTP-server, but that IPaddr appears in our black-list... Surely, the idea of lumping-together everyone using a hosting provider, VPS, or cloud service is pure laziness? Alternately, arrogance: 'my clients will believe me before they believe you'? That they then make it difficult for the innocent to seek clarification seems obstructive. One could even argue that before being found 'guilty', a message to abuse@domain-in-question would enable one to mount a 'defence'. The world (well, maybe not places like America) is moving to the expectation that digital-leaders be held to a more responsible standard and more reasonable behavior. Customer first? -- Regards =dn |
On Thu, 10 Dec 2020 08:38:30 +1300, David Neil <[hidden email]> wrote:
> Evidently we share frustration. This is an understatement :) . Just seeing the subject of your original email made my blood pressure go all over the place. > The 'silent drop' bothers me - the message author went to some trouble > to write. Does (s)he deserve such treatment? Who takes responsibility > for the 'damage' breaking the author-reader relationship? (personal or > business) I'm not sure what the "silent drop" is about... Some recipient server is setup to pretend-accept your emails when you are listed on that DNSBL ? Because AFAIK the DNSBL, for all my negativity about them, do not mandate any special treatment in case of positive match. If the mail admin decided to trust that specific DNSBL and use pretend-accepts, I would suggest they do not show a habit of making sane configuration choices. > The undeniable need is to stop the flow of garbage. Yes, I'm in-favor of > that! So, it is justified (reading some of the BL outfits' notes) that > fake-messages are not returned to unwitting email accounts, because it > adds to traffic volume/nothing they can do/etc - or is it? This would be backscatter spam I guess. The modern solution to this is SMTP-transaction-time rejection rather than bounces. It should not require pretend-accepts. > We have to jump-through-hoops in order to build an email server that > works responsibly. The SPF/DKIM/DMARC processes clearly link domain (if > not account) and IP address. So, surely there is a clear difference > between some 'bad actor' spoofing my email address and sending spam from > his IP, and me sending 'legal' messages from my IPaddr? Nobody is exempt from a compromised account or a compromised machine, so I do recognise a need beyond SPF/DKIM/DMARC. But not everybody has what it takes to be a good DNSBL, and not all DNSBL should be treated equally. Some are just in it way above their head in how clean they can keep their list of false positives and/or false negatives. In my experience, recipients do not realise they are relying on such 3rd-parties they themselves have no control over. They do not have a contract with the DNSBL, so there is nothing to denounce, so it does not exist. > Accordingly, why > are such email 'control systems' not used to differentiate when it comes > to providing (valuable!) feedback? eg Sorry dn, we have received this > message from the correct SMTP-server, but that IPaddr appears in our > black-list... Sadly, in such arms race details are ammunition. Giving them to the unauthenticated is letting them poke around to find the next weakness. I would rather argue that accountable mail admins would be a huge gain: the recipient entity, if a legitimate email got lost, should review their mail filtering practices. Which means they must not be vulnerable to BOFH gaslighting them about what an acceptable filtering policy is, which require technical literacy about emails beyond the direct admin. And I am happy to submit to this myself (then again, I'm in a small tech company which had sane email policies from way before I joined). Then, complaints can follow the contract: sender can complain that recipient is losing their emails, which prevents them from fulfilling the contract. Recipient puts their email admin in relation with the unhappy sender, they are now not anonymous anymore, useful details get exchanged, the badmouthing DNSBL nobody has a contract with anyway is finally cast away, the cowboy gallops towards the setting sun, the end. -- Vincent Pelletier |
On 10 Dec 2020, at 03:58, Vincent Pelletier <[hidden email]> wrote:
> On Thu, 10 Dec 2020 08:38:30 +1300, David Neil <[hidden email]> wrote: >> Evidently we share frustration. > > This is an understatement :) . > Just seeing the subject of your original email made my blood pressure > go all over the place. One of the early blacklists was called SPEWS and it had a similar model as what it appears this one is using, where it decides to ban and tire network as ounative punishment for one spammer. They also did not have a good track record of dealing rationally with people who were not spammers and generated a lot of ill-will. I was on a fixed IP on a class C that was listed by slews because a user hacked into an entirely different system on a different domain and sent out a bunch f spams. The ISP shut down the connection quickly, leaned the system, and the spam stopped. The entire class C was listed for months. <https://en.wikipedia.org/wiki/Spam_Prevention_Early_Warning_System> I'd check mxtoobox and check your blacklsits listing there. If there are other non FABEL hits, then definitely try to fix your setup If it's just label, move along. > I'm not sure what the "silent drop" is about... > Some recipient server is setup to pretend-accept your emails when you > are listed on that DNSBL ? Some setups do this. Certainly before psotscreen if I received mail and SA scored it above a certain level the mail was effectively silently dropped. (Not in point of fact, it was recoverable for a week, just in case, but it was not delivered to the target account). I've seen a lot of comments about lack or response, lack of consistency, and lack of removal from this RBL. Sadly, there's nothing you can do about a incompetent RBL or the people who use it. -- 'People need vampires,' she [Granny] said. 'They helps 'em remember what stakes and garlic are for.' --Carpe Jugulum |
On 10 Dec 2020, at 6:48, @lbutlr wrote:
> On 10 Dec 2020, at 03:58, Vincent Pelletier <[hidden email]> > wrote: [...] >> I'm not sure what the "silent drop" is about... >> Some recipient server is setup to pretend-accept your emails when you >> are listed on that DNSBL ? > > Some setups do this. Certainly before psotscreen if I received mail > and SA scored it above a certain level the mail was effectively > silently dropped. (Not in point of fact, it was recoverable for a > week, just in case, but it was not delivered to the target account). That's entirely due to a conscious choice in the design of the receiving system in how SpamAssassin has been integrated. It is NOT an inherent behavior of SA, which only scores messages and does not itself implement any sort of message disposition. For as long as Postfix has had before-queue filtering, it has been able to avoid the no-winners contest between "silent drop," "silent quarantine," and "backscatter," no matter which tactics are being used by filtering tools. -- Bill Cole [hidden email] or [hidden email] (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire |
On 10 Dec 2020, at 07:12, Bill Cole <[hidden email]> wrote:
> On 10 Dec 2020, at 6:48, @lbutlr wrote: > >> Some setups do this. Certainly before psotscreen if I received mail and SA scored it above a certain level the mail was effectively silently dropped. (Not in point of fact, it was recoverable for a week, just in case, but it was not delivered to the target account). > > That's entirely due to a conscious choice in the design of the receiving system in how SpamAssassin has been integrated. It is NOT an inherent behavior of SA, Yes of course, I did not mean to imply this was SA doing it, I thought that was clear. -- 7-Up? What happened to Ups 1-6? |
Free forum by Nabble | Edit this page |