
BACKSCATTERER - Please confirm, provide evidence of back scatter for 207.211.35.145 and 207.211.35.146


Mark

Nov 2, 2009, 5:33:18 PM
My outbound server IP addresses are listed on the backscatterer RBL
and my inbound servers are configured NOT to accept e-mail for non-
existent addresses. Please provide proof or examples of this so I can
work to correct the problem, if indeed one exists.

Thank you,
Mark Newman

--
Comments posted to news.admin.net-abuse.blocklisting
are solely the responsibility of their author. Please
read the news.admin.net-abuse.blocklisting FAQ at
http://www.blocklisting.com/faq.html before posting.

Rob

Nov 3, 2009, 10:10:55 AM
Mark <lanmas...@gmail.com> wrote:
> My outbound server IP addresses are listed on the backscatterer RBL
> and my inbound servers are configured NOT to accept e-mail for non-
> existent addresses. Please provide proof or examples of this so I can
> work to correct the problem, if indeed one exists.

The backscatterer people think it is abuse to configure your servers
to not accept mail from non-existent addresses.
Their old and slow mailservers are unable to cope with the extra
connections for the verifications, and therefore they called those
extra connections abusive.
I think it is pitiful. They should buy some new servers.

But for now, you will be listed when you run your servers like that,
even when you send no backscatter.

On the other hand, that should not be a problem. Who cares being on
such a list? Next time they find some other criteria and make a list
for those systems, as an admin you cannot follow the opinions of every
random person on the net.

axlq

Nov 3, 2009, 2:34:20 PM
In article <b24a7664-4d9d-4328...@p36g2000vbn.googlegroups.com>,

Mark <lanmas...@gmail.com> wrote:
>My outbound server IP addresses are listed on the backscatterer RBL
>and my inbound servers are configured NOT to accept e-mail for non-
>existent addresses. Please provide proof or examples of this so I can
>work to correct the problem, if indeed one exists.

You don't need examples or proof. The proof is that you are listed
on backscatterer.org because you rejected an undeliverable message
to the backscatterer.org servers. An example would serve no purpose
and would not help you fix your problem.

Reject an undeliverable message DURING the SMTP session, not after
it closes. If you wait until after it closes, all you have is the
envelope-sender address forged by a spammer, and using that address
will land you on backscatterer. If you reject the message during
the SMTP session, then the rejection goes to the server connected to
you, and that ISN'T backscatter.

-A
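
The distinction drawn in the post above, as an added example that is not part of the original thread: a small Python model of one receiving server handling the same forged-sender message under both policies. The mailbox list, addresses, reply texts and function names are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample data: the only mailboxes this hypothetical server hosts.
LOCAL_MAILBOXES = {"alice@corp.example", "bob@corp.example"}


@dataclass
class Outcome:
    """Result of one inbound delivery attempt."""
    # (command, reply) pairs seen by the host that connected to us
    smtp_replies: list = field(default_factory=list)
    # (envelope_from, envelope_to) of messages this server generates afterwards
    generated: list = field(default_factory=list)


def reject_in_session(mail_from, rcpt_to):
    """Check the recipient at RCPT time, while the client is still connected."""
    out = Outcome()
    out.smtp_replies.append(("MAIL FROM", "250 2.1.0 Ok"))
    if rcpt_to.lower() not in LOCAL_MAILBOXES:
        # The failure is reported to the connecting host only. Nothing is
        # addressed to mail_from, so a forged sender never hears from us.
        out.smtp_replies.append(("RCPT TO", "550 5.1.1 User unknown"))
        return out
    out.smtp_replies.append(("RCPT TO", "250 2.1.5 Ok"))
    out.smtp_replies.append(("DATA", "250 2.0.0 Queued"))
    return out


def accept_then_bounce(mail_from, rcpt_to):
    """Accept everything in-session and discover the failure after it closes."""
    out = Outcome()
    out.smtp_replies.append(("MAIL FROM", "250 2.1.0 Ok"))
    out.smtp_replies.append(("RCPT TO", "250 2.1.5 Ok"))
    out.smtp_replies.append(("DATA", "250 2.0.0 Queued"))
    if rcpt_to.lower() not in LOCAL_MAILBOXES and mail_from:
        # The session is over, so the only address left to notify is the
        # envelope sender. The notice itself carries the null sender (<>),
        # modelled here as the empty string.
        out.generated.append(("", mail_from))
    return out


def backscatter_recipients(outcome):
    """Addresses that get a bounce from us without ever having connected to us."""
    return [rcpt for sender, rcpt in outcome.generated if sender == ""]


if __name__ == "__main__":
    forged = "trap@victim.example"        # constructed forged envelope sender
    unknown = "nobody@corp.example"       # constructed non-existent recipient
    for policy in (reject_in_session, accept_then_bounce):
        result = policy(forged, unknown)
        print(policy.__name__, result.smtp_replies[-1], backscatter_recipients(result))
```
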

Shmuel (Seymour J.) Metz

Nov 3, 2009, 2:47:57 PM
In <slrnhevqql...@xs7.xs4all.nl>, on 11/03/2009

at 03:10 PM, Rob <nom...@example.com> said:

>The backscatterer people think it is abuse to configure your servers to
>not accept mail from non-existent addresses.

That of course, is not even close to the truth.

>Their old and slow mailservers are unable to cope with the extra
>connections for the verifications,

You are confused both as to the listing criteria for backscatter (SAV spam
is not backscatter) and as to the facilities in SMTP for verifying
addresses. Free clue: RCPT is not an alternative to VRFY, but, in the case
of SAV, an attempt to circumvent access controls and hence abusive
regardless of whether it causes a significant amount of harm.

--
Shmuel (Seymour J.) Metz, truly insane Spews puppet
<http://patriot.net/~shmuel>

I reserve the right to publicly post or ridicule any abusive
E-mail. Reply to domain Patriot dot net user shmuel+news to contact
me. Do not reply to spam...@library.lspace.org

Mark

Nov 3, 2009, 3:43:55 PM
> You don't need examples or proof. The proof is that you are listed
> on backscatterer.org because you rejected an undeliverable message
> to the backscatterer.org servers.  An example would serve no purpose
> and would not help you fix your problem.
>
> Reject an undeliverable message DURING the SMTP session, not after
> it closes.  If you wait until after it closes, all you have is the
> envelope-sender address forged by a spammer, and using that address
> will land you on backscatterer.  If you reject the message during
> the SMTP session, then the rejection goes to the server connected to
> you, and that ISN'T backscatter.
>
> -A

My Exchange servers ARE configured to reject mail for invalid
recipients during the SMTP session.

Seth

Nov 3, 2009, 5:01:42 PM
In article <aa69ef03-fc34-4fe2...@k26g2000vbp.googlegroups.com>,
Mark <lanmas...@gmail.com> wrote:

>> Reject an undeliverable message DURING the SMTP session, not after
>> it closes.  If you wait until after it closes, all you have is the
>> envelope-sender address forged by a spammer, and using that address
>> will land you on backscatterer.  If you reject the message during
>> the SMTP session, then the rejection goes to the server connected to
>> you, and that ISN'T backscatter.
>

>My Exchange servers ARE configured to reject mail for invalid
>recipients during the SMTP session.

What other kinds of mail do they accept that they can't deliver, and
hence bounce?

Seth

Seth

Nov 4, 2009, 4:12:40 PM
In article <slrnhevqql...@xs7.xs4all.nl>,
Rob <nom...@example.com> wrote:

>The backscatterer people think it is abuse to configure your servers
>to not accept mail from non-existent addresses.

They don't care who you accept from, or not. Their list criteria
specifically states that what matters is what you emit.

>Their old and slow mailservers are unable to cope with the extra
>connections for the verifications, and therefore they called those
>extra connections abusive.
>I think it is pitiful. They should buy some new servers.

I don't care what kind of servers they run. That's up to them.

>But for now, you will be listed when you run your servers like that,
>even when you send no backscatter.

Listing is for sending them backscatter. It's really just that
simple.

Seth

Mark

Nov 4, 2009, 4:13:38 PM
On Nov 3, 4:01 pm, se...@panix.com (Seth) wrote:

> What other kinds of mail do they accept that they can't deliver, and
> hence bounce?
>
> Seth

None that I'm aware of, but obviously something go through. Turned up
logging and trying to catch it. The problem is that I'm acting
responsibly - trying to fix the issue - and there's no way to remove
my servers from this RBL. I just have to wait for 4 weeks, which is a
really long time. There should be some mechanism for removal other
than posting to this forum. This RBL is really punishing legitimate
companies and not providing any method for removal which I think is
unfair.

My 2c.

Rob

Nov 5, 2009, 9:52:19 AM
Seth <se...@panix.com> wrote:
>>But for now, you will be listed when you run your servers like that,
>>even when you send no backscatter.
>
> Listing is for sending them backscatter. It's really just that
> simple.

Wrong. Please read their website so you know how it operates.

It never checks if you send something. Merely contacting them to
see if an address exists will list you.

Shmuel (Seymour J.) Metz

Nov 5, 2009, 9:53:33 AM
In <32501a9d-bd01-4221...@m35g2000vbi.googlegroups.com>, on
11/04/2009

at 09:13 PM, Mark <lanmas...@gmail.com> said:

>None that I'm aware of, but obviously something go through. Turned up
>logging and trying to catch it. The problem is that I'm acting
>responsibly - trying to fix the issue - and there's no way to remove my
>servers from this RBL. I just have to wait for 4 weeks, which is a
>really long time. There should be some mechanism for removal other than
>posting to this forum.

Posting in this news group is *not* a removal mechanism, just a way to
discuss the issues. The removal mechanism is:

1. Fix the problem.

2. Only *after* step 1., wait for timeout or pay for expedited
delisting.

>This RBL is really punishing legitimate companies

No, it's protecting legitimate companies from e-mail servers that are not
properly administered. Its only responsibility to those listed is to be
accurate.

>and not providing any method for removal

See above.

>which I think is unfair.

Google for "natural consequences"; it's perfectly fair.

--
Shmuel (Seymour J.) Metz, truly insane Spews puppet
<http://patriot.net/~shmuel>

I reserve the right to publicly post or ridicule any abusive
E-mail. Reply to domain Patriot dot net user shmuel+news to contact
me. Do not reply to spam...@library.lspace.org


MrD

Nov 5, 2009, 9:52:53 AM
Mark wrote:
> On Nov 3, 4:01 pm, se...@panix.com (Seth) wrote:
>
>> What other kinds of mail do they accept that they can't deliver,
>> and hence bounce?
>>
>> Seth
>
> None that I'm aware of, but obviously something go through. Turned
> up logging and trying to catch it. The problem is that I'm acting
> responsibly - trying to fix the issue - and there's no way to remove
> my servers from this RBL. I just have to wait for 4 weeks, which is
> a really long time. There should be some mechanism for removal other
> than posting to this forum. This RBL is really punishing legitimate
> companies and not providing any method for removal which I think is
> unfair.
>
> My 2c.

That'll be your problem; expedited removal costs a bit more than 2c :-)

NOTE that posting to this "forum" isn't a removal mechanism. The real
removal mechanism is simply to stop causing backscatter. As far as I'm
aware, whingeing here doesn't help.

NOTE also that many people think 4 weeks is too short.

And NOTE that backscatterer isn't a list of companies that aren't
"legitimate"; legitimacy just doesn't come into it. Backscatterer
doesn't care whether you are a legitimate company, or a mafia front, or
a spammer, or an antispammer (see earlier posts from Michelle Sullivan).
Send them backscatter => get listed.

--
MrD.
http://ipquery.org

Shmuel (Seymour J.) Metz

Nov 5, 2009, 9:53:07 AM
In <hcq7hk$ag7$4...@blue.rahul.net>, on 11/03/2009

at 07:34 PM, ax...@spamcop.net (axlq) said:

>An example would serve no purpose
>and would not help you fix your problem.

An example would help him to identify the conditions under which he emits
backscatter. I'd like for Claus to provide such examples *if* he can do so
without compromising his spam traps.

--
Shmuel (Seymour J.) Metz, truly insane Spews puppet
<http://patriot.net/~shmuel>

I reserve the right to publicly post or ridicule any abusive
E-mail. Reply to domain Patriot dot net user shmuel+news to contact
me. Do not reply to spam...@library.lspace.org


MrD

Nov 5, 2009, 1:47:44 PM
Rob wrote:
> Seth <se...@panix.com> wrote:
>>> But for now, you will be listed when you run your servers like that,
>>> even when you send no backscatter.
>> Listing is for sending them backscatter. It's really just that
>> simple.
>
> Wrong. Please read their website so you know how it operates.
>
> It never checks if you send something. Merely contacting them to
> see if an address exists will list you.
>
"Contacting" - you mean like this?

-> MAIL FROM: <>
<- 250 2.1.0 Ok
-> RCPT TO: <guessed...@example.com>
<- 550 5.1.1 Silly boy - you just got yourself listed.
-> OOPS: I screwed up.
<- 221 2.0.0 Bye

--
MrD.
http://ipquery.org

Fallout

Nov 6, 2009, 4:28:57 PM
On Nov 4, 11:13 pm, Mark <lanmasterm...@gmail.com> wrote:
>and my inbound servers are configured NOT to accept e-mail for non-
>existent addresses.

That means you're doing SAV, right? That's what's getting you listed
probably. You're verifying if a sender address exists, which means
that you're verifying all the fake sender addresses spammers use. I'm
assuming you're not using the VRFY command but RCPT TO: hitting
systems that never sent you anything and breaking their policy (if
they disabled VRFY, they don't want to be verified)

> There should be some mechanism for removal other
> than posting to this forum.  This RBL is really punishing legitimate
> companies and not providing any method for removal which I think is
> unfair.

But there is, express delisting, I think it's 10 euros but not sure.
But of course you have to fix the problem first or you'll get listed
again.

Backscatterer is mostly listing 'legitimate' companies I think, either
way it doesn't care what type of company it is, just that it sends
backscatter.

Mark

Nov 6, 2009, 4:32:13 PM
On Nov 5, 8:53 am, "Shmuel (Seymour J.) Metz"
<spamt...@library.lspace.org.invalid> wrote:
> In <32501a9d-bd01-4221-9d7d-e81ed59c1...@m35g2000vbi.googlegroups.com>, on
> 11/04/2009
> me.  Do not reply to spamt...@library.lspace.org

>
> --
>         Comments posted to news.admin.net-abuse.blocklisting
>         are solely the responsibility of their author.  Please
>         read the news.admin.net-abuse.blocklisting FAQ at
>         http://www.blocklisting.com/faq.html before posting.

Thank you for the long reply, though I don't agree with some of your
assertions.

I do agree and acknowledge that this forum is not a de-listing
mechanism and have not asked to be de-listed. Though I have, and
continue, to request that the administrators of this list include SOME
de-listing mechanism for legitimate senders who are trying to correct
their configurations. Leaving legitimate senders on your list is an
unnecessary punishment and only works to lower the effectiveness of
the RBL - by blocking legitimate senders from communicating. "Natural
consequences" I understand, but e-mail administration is more
complicated than 1+1=2, so you shouldn't blanket assume that servers
that backscatter *once* are automatically bad.

That said, I'm running Microsoft Exchange 2007 and the mechanism to
configure the server to *not* backscatter includes installing their
"anti-spam" components on the HUB or EDGE server. Once installed, an
admin can enable "Recipient Filtering" where mail sent to users not
listed in the GAL is rejected *during the SMTP conversation* with a
550 error. Mail is *not* accepted and then later returned as
undeliverable - also called an asynchronous NDR... or backscatter.

So, I have my server configured properly, but there are other "entry
points" into this environment as it is a rather large and complicated
one. We have logging enabled on outbound traffic and I can see the
message that caused us to be listed. However, we have not yet
determined where the message came from. Perhaps it came from a
user's machine that was infected with a virus... we're not entirely
sure.

Again, e-mail administration is not always simple and environments
should be allowed to be delisted if an honest effort is made to stop
backscatter. Or perhaps change the listing criteria to only add
servers to the list if they backscatter more than X times in a given
month - this would allow some leeway for exceptions or possibly
infected workstations (which, in the case of this organization, are
out of our physical control).

M

Martijn Lievaart

Nov 7, 2009, 10:24:32 AM
On Fri, 06 Nov 2009 21:28:57 +0000, Fallout wrote:

> On Nov 4, 11:13 pm, Mark <lanmasterm...@gmail.com> wrote:
>>and my inbound servers are configured NOT to accept e-mail for non-
>>existent addresses.
>
> That means you're doing SAV, right? That's what's getting you listed
> probably. You're verifying if a sender address exists, which means that
> you're verifying all the fake sender addresses spammers use. I'm
> assuming you're not using the VRFY command but RCPT TO: hitting systems
> that never sent you anything and breaking their policy (if they disabled
> VRFY, they don't want to be verified)

No, that's when you don't accept email FROM non-existent addresses, he's
not accepting email FOR non-existent addresses.

M4

MrD

Nov 7, 2009, 10:24:54 AM
Fallout wrote:
> On Nov 4, 11:13 pm, Mark <lanmasterm...@gmail.com> wrote:
>> and my inbound servers are configured NOT to accept e-mail for non-
>> existent addresses.
>
> That means you're doing SAV, right?

I think he said he's rejecting email *for* non-existent addresses - not
*from*.

--
MrD.
http://ipquery.org

Rob

Nov 7, 2009, 8:14:11 PM
Fallout <ad...@ascomex.ro> wrote:
> Backscatterer is mostly listing 'legitimate' companies I think, either
> way it doesn't care what type of company it is, just that it sends
> backscatter.

Yes, that is why it is not useful to use backscatterer as a blacklist
for normal mail. In fact, it is useful to use it as a whitelist. Mail
from a system on backscatterer has more chance being ham than being spam.

Unfortunately, bad admins keep installing backscatterer as a blacklist,
and therefore people keep complaining here that they are listed.
When admins would wake up and use backscatterer as a whitelist (with a
small number of points), the complaints would quickly cease.

James Wilkinson

Nov 9, 2009, 9:38:24 AM
Seth wrote:
> What other kinds of mail do they accept that they can't deliver, and
> hence bounce?

Mark replied:


> None that I'm aware of, but obviously something go through.

Note that Out-of-Office (or other automatic) replies can trigger a
listing.

This usually means that the spammer has picked addresses from their list
at random for plausible sending addresses, and chosen a UCEProtect
spamtrap.

James.

--
E-mail: james@ | ... and watched Richard Stallman ask one of the waiting
aprilcottage.co.uk | staff whether the spring rolls did indeed spring and
| whether they would bounce.
| -- Telsa Gwynne

Fallout

Nov 9, 2009, 4:47:37 PM
On Nov 6, 11:32 pm, Mark <lanmasterm...@gmail.com> wrote:
> On Nov 5, 8:53 am, "Shmuel (Seymour J.) Metz"
> However, we have not yet
> determined where the message came from.  Perhaps it came from a
> user's machine that was infected with a virus... we're not entirely
> sure.

Don't your logs show the authenticated user, or the sending IP? If it
was a virus, you should see thousands/tens of thousands messages
coming from that machine. Maybe it was an autoresponder using <> or
postmaster as mail from
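
One way to run the check suggested in the post above, as an added example that is not part of the original thread: it pulls null-sender and postmaster-style messages out of an outbound log and groups them by submitting host and authenticated user, so a mailbox server emitting NDRs, a single auto-replying mailbox, and a host sending in bulk look different. The comma-separated log layout, the addresses and all names are assumptions constructed for this sketch, not an Exchange log format.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample of an outbound log. Assumed columns: time, submitting IP,
# authenticated user ("-" if none), envelope sender, envelope recipient, subject.
SAMPLE_LOG = """\
2009-11-02T09:14:01,10.0.4.21,jsmith,jsmith@corp.example,client@partner.example,Quarterly report
2009-11-02T09:15:40,10.0.1.5,-,<>,trap1@spamtrap.example,Undeliverable: Cheap watches
2009-11-02T09:16:02,10.0.4.37,akhan,<>,trap2@spamtrap.example,Out of Office: Re: Cheap watches
2009-11-02T09:20:11,10.0.1.5,-,postmaster@corp.example,someone@other.example,Delivery Status Notification (Failure)
2009-11-02T09:21:00,10.0.4.21,jsmith,jsmith@corp.example,friend@other.example,Lunch?
"""

AUTOMATIC_LOCAL_PARTS = {"postmaster", "mailer-daemon"}
NDR_PHRASES = ("undeliverable", "delivery status notification", "returned mail")
AUTOREPLY_PHRASES = ("out of office", "automatic reply", "autoreply")


def is_automatic_sender(mail_from):
    """True for the null sender (<>) or a postmaster-style envelope sender."""
    sender = mail_from.strip().strip("<>").lower()
    if sender == "":
        return True
    return sender.split("@", 1)[0] in AUTOMATIC_LOCAL_PARTS


def classify_subject(subject):
    """Rough guess at what kind of automatic message this is."""
    text = subject.lower()
    if any(phrase in text for phrase in NDR_PHRASES):
        return "ndr"
    if any(phrase in text for phrase in AUTOREPLY_PHRASES):
        return "auto-reply"
    return "other"


def summarize_automatic_mail(log_text):
    """Group automatic outbound mail by (submitting IP, authenticated user)."""
    by_source = defaultdict(
        lambda: {"count": 0, "kinds": Counter(), "recipients": set()}
    )
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 6:
            continue  # skip malformed lines instead of guessing at them
        _time, src_ip, user, mail_from, rcpt_to, subject = row
        if not is_automatic_sender(mail_from):
            continue
        entry = by_source[(src_ip, user)]
        entry["count"] += 1
        entry["kinds"][classify_subject(subject)] += 1
        entry["recipients"].add(rcpt_to.lower())
    return {
        source: {
            "count": entry["count"],
            "kinds": dict(entry["kinds"]),
            "recipients": sorted(entry["recipients"]),
        }
        for source, entry in by_source.items()
    }


if __name__ == "__main__":
    for source, info in summarize_automatic_mail(SAMPLE_LOG).items():
        print(source, info)
```
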

Bill Harzia

Nov 9, 2009, 4:46:06 PM
On Fri, 6 Nov 2009 21:32:13 GMT, Mark <lanmas...@gmail.com> said:

[Mr Snippo was 'ere]

>Though I have, and
>continue, to request that the administrators of this list include SOME
>de-listing mechanism for legitimate senders who are trying to correct

>their configurations. Leaving legitimate senders on your list [...]

This is merely a moderated newsgroup and has no connection with UCE
Protect other than their Backscatterer list gets discussed here. To
the best of my knowledge, Shmuel has no connection with them either.

Dave

D. Stussy

Nov 9, 2009, 4:50:54 PM
"James Wilkinson" <see...@aprilcottage.co.uk.invalid> wrote in message
news:2009110715...@aprilcottage.co.uk...

> Seth wrote:
> > What other kinds of mail do they accept that they can't deliver, and
> > hence bounce?
>
> Mark replied:
> > None that I'm aware of, but obviously something go through.
>
> Note that Out-of-Office (or other automatic) replies can trigger a
> listing.
>
> This usually means that the spammer has picked addresses from their list
> at random for plausible sending addresses, and chosen a UCEProtect
> spamtrap.

... Has chosen a UCEProtect spamtrap mailbox that is NOT COVERED by an SPF
or DK/DKIM record.

E-Mail Sent to this address will be added to the BlackLists

Nov 9, 2009, 4:44:38 PM
Mark wrote:
> I have, and continue, to request that the administrators
> of this list include SOME de-listing mechanism for
> legitimate senders who are trying to correct their
> configurations.

"Legitimate" senders would rarely hit SpamTraps.

"Legitimate senders" is not something UCEprotect can
easily determine, (except perhaps through something
like their whitelist).

The same is true for most SMTP servers.


> I have my server configured properly, but there are
> other "entry points" into this environment as it is
> a rather large and complicated one.
> We have logging enabled on outbound traffic and I can
> see the message that caused us to be listed.
> However, we have not yet determined where the
> message came from.
> Perhaps it came from a user's machine that was infected
> with a virus... we're not entirely sure.

If you are not entirely sure where the abuse is coming
from / how the abuse is happening, and you haven't yet
prevented it from happening again, I think it is certainly
too early to be expecting special treatment.

--
E-Mail Sent to this address <Blac...@Anitech-Systems.com>
will be added to the BlackLists.

Fallout

Nov 9, 2009, 4:46:54 PM
On Nov 7, 5:24 pm, MrD <mrdemean...@jackpot.invalid> wrote:
> Fallout wrote:
> > On Nov 4, 11:13 pm, Mark <lanmasterm...@gmail.com> wrote:
> >> and my inbound servers are configured NOT to accept e-mail for non-
> >>  existent addresses.
>
> > That means you're doing SAV, right?
>
> I think he said he's rejecting email *for* non-existent addresses - not
> *from*.

Oops! I think you're right :-)

> --
> MrD.http://ipquery.org

Shmuel (Seymour J.) Metz

Nov 9, 2009, 4:48:38 PM
In <slrnhfaca2....@xs7.xs4all.nl>, on 11/08/2009

at 01:14 AM, Rob <nom...@example.com> said:

>Yes, that is why it is not useful to use backscatterer as a blacklist for
>normal mail.

You're making that up, because you have no access to the logs of the
relevant servers. If the admin sees a correlation between backscatter and
other forms of maladministration, then it makes sense to block backscatter
sources.

>Unfortunately, bad admins keep installing backscatterer as a blacklist,

You keep making that claim, but you have produced no evidence that the
majority of admins using the list in that fashion don't have hard data to
justify it.

>and therefore people keep complaining here that they are listed.

People complain here when they are not listed, and they complain when they
are listed for compelling reasons. A complaint here and Õ50 will buy you a
cup of coffee.

>the complaints would quickly cease.

The typical admin is concerned with complaints from *his* users, and
couldn't care less about complaints from those whose e-mail he is
rejecting. He might care about an external heads up on behavior he didn't
intend, but unless there is some sort of abuse involved in that behavior
he has no obligation.

--
Shmuel (Seymour J.) Metz, truly insane Spews puppet
<http://patriot.net/~shmuel>

I reserve the right to publicly post or ridicule any abusive
E-mail. Reply to domain Patriot dot net user shmuel+news to contact

me. Do not reply to spam...@library.lspace.org

Bill Harzia

Nov 9, 2009, 4:46:28 PM
On Fri, 6 Nov 2009 21:28:57 GMT, Fallout <ad...@ascomex.ro> said:

>On Nov 4, 11:13 pm, Mark <lanmasterm...@gmail.com> wrote:
>>and my inbound servers are configured NOT to accept e-mail for non-
>>existent addresses.
>
>That means you're doing SAV, right?

No, *his inbound* servers reject mail connections for addresses that
don't exist on *his* servers - hopefully during the SMTP connection.

Dave

MrD

Nov 9, 2009, 4:45:28 PM
Mark wrote:
> I do agree and acknowledge that this forum is not a de-listing
> mechanism and have not asked to be de-listed. Though I have, and
> continue, to request that the administrators of this list include
> SOME de-listing mechanism for legitimate senders

What, in your view, distinguishes "legitimate" senders from the other sort?

> who are trying to correct their configurations.

What does "legitimate" mean, in the context of senders that are
misconfigured?

> Leaving legitimate senders on your list is an unnecessary punishment
> and only works to lower the effectiveness of the RBL - by blocking
> legitimate senders from communicating.

You want "legitimate" senders with misconfigured systems to be treated
differently from the other kind of senders with misconfigured systems?
So how are Backscatterer supposed to tell the difference?

> "Natural consequences" I understand, but e-mail administration is
> more complicated than 1+1=2, so you shouldn't blanket assume that
> servers that backscatter *once* are automatically bad.

The idea is that someone who backscatters *once* is unbelievably unlucky
if their single item of backscatter happens to hit a backscatterer
spamtrap. I would say that is correct. Would you agree?


>
> So, I have my server configured properly, but there are other "entry
> points" into this environment as it is a rather large and
> complicated one.

But presumably you're up to managing it?

> We have logging enabled on outbound traffic and I can see the
> message that caused us to be listed. However, we have not yet
> determined where the message came from. Perhaps it came from a
> user's machine that was infected with a virus... we're not entirely
> sure.

A backscatter-sending virus? There may be such a thing, I guess.


>
> Again, e-mail administration is not always simple and environments
> should be allowed to be delisted if an honest effort is made to stop
> backscatter.

I don't agree with that at all. It requires that the list admins
exercise judgement and personal discretion in deciding who gets listed
and who gets delisted. But RBLs that exercise judgement tend to get
lawyered; and people lie. An RBL that is organised that way can work
well (Spamhaus); or it can work badly (ORBS). But either way it involves
a significant cost in effort. You can't have a fully automated RBL (like
backscatterer) with *just a bit* of personal judgement mixed in. That's
like being mostly a virgin.

> Or perhaps change the listing criteria to only add servers to the
> list if they backscatter more than X times in a given month - this
> would allow some leeway for exceptions or possibly infected
> workstations (which, in the case of this organization, are out of our
> physical control).

As far as I'm concerned, if you hit the backscatterer spamtraps once,
then you've *already* backscattered more than X times. People don't
backscatter specific addresses on purpose; they backscatter because
that's how their system is configured. Nobody who backscatters does it
only to spamtraps.

So if you send backscatter to a spamtrap, then you will be sending it to
other addresses too; the list is there to enable victims to avoid
receiving that backscatter. Special-casing "honest efforts" or
"legitimate senders" breaks the effectiveness of the list.

--
MrD.
http://ipquery.org

Shmuel (Seymour J.) Metz

Nov 9, 2009, 5:48:06 PM
In <qoqaf5tddev1t1jpe...@4ax.com>, on 11/09/2009

at 09:46 PM, Bill Harzia <fin...@uvula.invalid> said:

>This is merely a moderated newsgroup and has no connection with UCE
>Protect other than their Backscatterer list gets discussed here. To the
>best of my knowledge, Shmuel has no connection with them either.

Also to the best of my knowledge. AFAIK, Claus would not have to shoot me
if I were involved in UCEPROTECT and admitted it, but as it happens I'm
only responding based on what I've seen from the outside looking in. I
assume that most of the other posters are also uninvolved, also many of
them may have data bearing on UCEPROTECT's effectiveness or lack thereof
for their own users.

--
Shmuel (Seymour J.) Metz, truly insane Spews puppet
<http://patriot.net/~shmuel>

I reserve the right to publicly post or ridicule any abusive
E-mail. Reply to domain Patriot dot net user shmuel+news to contact

me. Do not reply to spam...@library.lspace.org

Rob

Nov 9, 2009, 5:51:52 PM
James Wilkinson <see...@aprilcottage.co.uk.invalid> wrote:
> This usually means that the spammer has picked addresses from their list
> at random for plausible sending addresses, and chosen a UCEProtect
> spamtrap.

I would hope it *always* means that!
Or is backscatterer.org actively sending out probe messages from addresses
on the spamtrap list??

Shmuel (Seymour J.) Metz

Nov 9, 2009, 5:51:54 PM
In <aa3b7d69-e0c3-48b6...@o10g2000yqa.googlegroups.com>, on
11/06/2009

at 09:32 PM, Mark <lanmas...@gmail.com> said:

>Leaving legitimate senders on your list is an unnecessary punishment

It provides an incentive to not get listed.

>only works to lower the effectiveness of

No, because there's no guaranty that the admin will fix all of the
problems in a short period of time.

>the RBL

"RBL" is a trademarked term; UCEPROTECT and BACKSCATTER are DNSBL's.

>so you shouldn't blanket assume that servers
>that backscatter *once* are automatically bad.

That doesn't mean that you shouldn't play the odds.

>where mail sent to users not listed in the GAL is rejected *during
>the SMTP conversation* with a 550 error.

That's a good start, but you also need to ensure that, e.g., 552 5.2.2, is
sent during the SMTP session rather than in a later DSN.

>"Natural consequences" I understand, but e-mail administration is
>more complicated than 1+1=2, so you shouldn't blanket assume that
>servers that backscatter *once* are automatically bad.

Then it's a good thing that nobody makes such an assumption. If the odds
favor an e-mail client being bad, that's good enough FAPP. Once a
maladministered MTA is detected, it's the responsibility of the admin to
show that it's been cleaned up.

>Again, e-mail administration is not always simple and environments
>should be allowed to be delisted if an honest effort is made to stop
>backscatter.

The DNSBL doesn't measure intent, only results. I don't see how Claus
could do what you want without allowing others to game the system.
Further, a delisting delay provides an incentive to not get listed.

>Or perhaps change the listing criteria to only add
>servers to the list if they backscatter more than X times in a given
>month

There's no way to do that; Claus only knows about the backscatter that
hits his servers. However, it's a safe bet that if he is seeing
backscatter from you then others are as well.

--
Shmuel (Seymour J.) Metz, truly insane Spews puppet
<http://patriot.net/~shmuel>

I reserve the right to publicly post or ridicule any abusive
E-mail. Reply to domain Patriot dot net user shmuel+news to contact

me. Do not reply to spam...@library.lspace.org

E-Mail Sent to this address will be added to the BlackLists

Nov 9, 2009, 5:53:14 PM
Rob wrote:
> When admins would wake up and use backscatterer as a whitelist
> (with a small number of points), the complaints would quickly
> cease.

How is that working for you?

Were there any significant changes in your endusers spam / ham
ratios?

Are your endusers getting more wanted DSNs, without too many
more unwanted DSNs?

What else are you using for SpamControl for your EndUsers?

--
E-Mail Sent to this address <Blac...@Griffin-Technologies.net>


will be added to the BlackLists.


Seth

Nov 10, 2009, 10:43:39 PM
In article <aa3b7d69-e0c3-48b6...@o10g2000yqa.googlegroups.com>,
Mark <lanmas...@gmail.com> wrote:

>Again, e-mail administration is not always simple and environments
>should be allowed to be delisted if an honest effort is made to stop
>backscatter.

In grade school, children are rewarded for making an honest effort.

In the real world, adults are rewarded for succeeding.

The Internet is not a grade school, despite all the evidence
otherwise.

> Or perhaps change the listing criteria to only add
>servers to the list if they backscatter more than X times in a given
>month - this would allow some leeway for exceptions or possibly
>infected workstations (which, in the case of this organization, are
>out of our physical control).

Feel free to start your own list based on your own criteria. If
others feel your list is better, they'll switch to using yours and the
other one will be ignored.

Personally, there's stuff (such as backscatter) that I just don't
want. I don't want it from someone who's lazy or incompetent, and I
just as much don't want it from someone who tries very hard and makes
an honest effort but his boss chose the wrong software.

Seth

Mark

Nov 10, 2009, 10:43:00 PM
On Nov 9, 3:45 pm, MrD <mrdemean...@jackpot.invalid> wrote:
> I don't agree with that at all. It requires that the list admins
> exercise judgement and personal discretion in deciding who gets listed
> and who gets delisted. But RBLs that exercise judgement tend to get
> lawyered; and people lie. An RBL that is organised that way can work
> well (Spamhaus); or it can work badly (ORBS). But either way it involves
> a significant cost in effort. You can't have a fully automated RBL (like
> backscatterer) with *just a bit* of personal judgement mixed in. That's
> like being mostly a virgin.
>
> As far as I'm concerned, if you hit the backscatterer spamtraps once,
> then you've *already* backscattered more than X times. People don't
> backscatter specific addresses on purpose; they backscatter because
> that's how their system is configured. Nobody who backscatters does it
> only to spamtraps.
> --
> MrD.http://ipquery.org

Understood. Just wish you would be a little more flexible. Perhaps
Spamhaus has the right idea. Thanks for your time.

Michelle Sullivan

Nov 10, 2009, 10:42:31 PM
Rob wrote:
> James Wilkinson <see...@aprilcottage.co.uk.invalid> wrote:
>> This usually means that the spammer has picked addresses from their list
>> at random for plausible sending addresses, and chosen a UCEProtect
>> spamtrap.
>
> I would hope it *always* means that!
> Or is backscatterer.org actively sending out probe messages from addresses
> on the spamtrap list??
>

That was precisely my question some weeks back.

Interestingly checking the listings and since commenting.. I'm not
listed any more...! (nothing has changed at my end)

Michelle

Seth

Nov 11, 2009, 11:05:16 AM
In article <slrnhf53qc....@xs7.xs4all.nl>,

Rob <nom...@example.com> wrote:
>Seth <se...@panix.com> wrote:
>>>But for now, you will be listed when you run your servers like that,
>>>even when you send no backscatter.
>>
>> Listing is for sending them backscatter. It's really just that
>> simple.
>
>Wrong. Please read their website so you know how it operates.
>
>It never checks if you send something. Merely contacting them to
>see if an address exists will list you.

That is, _attempting_ to send them what looks like backscatter is
blocked and gets you listed.

Seth

Claus v. Wolfhausen

Nov 11, 2009, 12:22:05 PM
In article <slrnhfgj76....@xs7.xs4all.nl>, nom...@example.com says...

>
>James Wilkinson <see...@aprilcottage.co.uk.invalid> wrote:
>> This usually means that the spammer has picked addresses from their list
>> at random for plausible sending addresses, and chosen a UCEProtect
>> spamtrap.
>
>I would hope it *always* means that!
>Or is backscatterer.org actively sending out probe messages from addresses
>on the spamtrap list??


Since your IP 194.109.21.7 is not listed in backscatterer, nor has it a history
at backscatterer.org I simply ran out of ideas what reason you might have to
badmouth us that way?

Hey we are NOT spammers, so of course we do NOT send any probe messages....

--
Claus von Wolfhausen
Technical Director
UCEPROTECT-Network
http://www.uceprotect.net

Mark

Nov 13, 2009, 5:57:12 AM
Glad this/my thread is so popular! I believe I've fixed the problem,
so no more backscatter from my servers. :-)