> From: Keith Moore <moore@xxxxxxxxxx> > ... > His mate is a wise man. RBLs are a really terrible idea, and they've > caused a lot of valid mail to be rejected. There's really no way to > reliably determine that a message is spam based on the IP address or > sender's domain name. The most you should do with RBLs is delay or > rate-limit mail from the blacklisted sites, you should never reject > such mail. > .. It's never clear to me what Keith Moore means by "RBL" when he repeats that claim. Those three letters are a registered service mark for a product that historically has been run so conservatively that claims that should not be used to reject mail sound silly. You would certainly want to do more than just rate limit Cyberpromo's spam. He might be referring to other DNS (or BGP) distributed, more or less real time blacklists. Depending on which of the zillions of lists he is talking about, his claim is either entirely accurate or even worse than it would be if it refers to MAPS's RBL(sm). Some DNS blacklists are at best used for scoring and only by those who don't mind affecting legitimate email. Other DNS blacklists have false positive rates (legitimate rejected/total legitimate) below 0.01% that allow them to be used by corporations that would rather receive 1000 spam than reject one legitimate message. If his claim refers to private blacklists, then it is obvious nonsense. There are many IP addresses (e.g. WholesaleBandwidth's /18) that will never send mail that anyone but a spammer wants delivered for the foreseeable future. Then there are private blacklists of domain names that are undeniably valid targets of complete blacklisting, starting with Cyberpromo.com. The clear and undesputed (except by spammers and some others with special interests) consensus is that blacklists are undesirable but entirely legitimate, useful, and often necessary mechanisms for dealing with network abuse by rejecting, not just delaying mail. The buyer (or user) must beware, but Keith Moore blanket condemnation of "RBLs" is simply wrong. His apparent claim that SMTP servers must accept mail from everywhere as much sense as claims R. Stallman's complaints 20 years ago closed telnet ports. Note none of the SMTP servers I run use any DNS (or BGP) SMTP blacklists. He's not trying to gore any of my oxen. Vernon Schryver vjs@xxxxxxxxxxxx