Wednesday, August 30, 2006

We Like You, Even With RBL & Blocked Addresses

Dave Neary (bolsh) posted an interesting blog about the RBL and blocked addresses. We are a site that blocks all of France, but not because of any "Freedom Fries" issues. :) The City of Largo has tasked us with providing a hostile-free environment, and part of that is very aggressive cleaning of email. People like to complain if they know they can, and we were getting flooded with email that was 'offending' people, which means for some being one step away from a lawsuit. The RBL has helped us block ISPs that are not actively going after spammers on their network. The theory is that the user community will give them so many support calls about email being blocked (like you!), that they will hire enough people to manage the network better. As for blocking entire countries, there is a reason for this. Spam appliances do a forward and reverse DNS check on sites as part of the first check. If this passes, filters are applied and then it's released into our GroupWise server. Our observations indicated that certain countries were sending out a great deal of spam that was getting through more than others. France (.fr) unfortunately was one of the top senders. Possibly, only about 5 out of 750 of us receive email from other countries, so we had to make the decision to block and work out exceptions as they come up.

I did a live snapshot of our spam appliance running, you can see the scope of our problems. I am sure many of you are dealing with the same thing.


5 comments:

Anonymous said...

> only about 5 out of 750 of us receive email from other countries

How sad. And this is your remedy to keep them isolated for the rest of their lives.

Anonymous said...

Out of the 15 spam emails shown in the screenshot, 9 are "alledgedly from" a .com address, 2 from a .org address, 2 from a .de address, one from a .net address and one from a .mx address. So why block emails from France? Most of your spam (and mine) comes from .com addresses - surely blocking those will have a greater affect on the number of spams that get stopped?

Anonymous said...

You forgot to answer the question from the post you mentioned. So, the OP asked:

"So, as an innocent victim in the (cue dramatic music) War on Spam, what can I do? Change ISPs? Raise my hand and say "Not I" to the blacklisters every time I get one of these? Complain to my ISPs that they aren't doing enough to be part of the Coalition for a Spamless Web? Move out of France?"

Anonymous said...

Anonymous: Although the faked email addresses say they're .com (there's even one pretending to be from largo.com itself), spam-filtering software concerns itself with the IP address from which the email originated. This is found by parsing the headers of the email.

Anonymous said...
This comment has been removed by a blog administrator.