I completely agree with you, keep spam out on the perimeter and off the main servers! At a previous client site the company went from an accept and filter approach like Mayflower is suggesting to putting the smtp servers behind an anti-spam solution that did realtime blacklisting. The amount of traffic reaching the production mail system decreased by GB per day. That reduced headaches for the network and security groups, as well as the e-mail team, since all that junk traffic was being kept out of the environment.

Hi Chris,

I read your blog regularly and I really appreciate your work in the Domino community to fight spam.

Sherpa Software, the company I work for, and Mayflower Software are partners. I didn't want that to go unsaid. However, I feel the need to speak up with respect to this post.

First, the choice of "spam provider" in your blog title is unfortunate since it appears to characterize Mayflower as a spammer. Perhaps rephrasing that as "anti-spam solution provider" would be more accurate. Frank, Allison, and the others at Mayflower whom I've met know their stuff and are a great bunch to work with. As you are, they also are a valuable resource to your readers in staying on top of spam.

Second, while opinions on the merits of specific anti-spam approaches will differ and should be discussed, respect for differing opinions can only bring good results. The comments on the blog post you reference are split and indicate to me that opinions on this issue vary. Each is just as valid as another.

Thanks for posting this and keep up the good work.

Grant Lindsay

Chris,

I agree with Grant that there are pros and cons of each approach and it is really up to the recipient's organization to decide their tolerance for false positives versus server load.

I know it is best to reject messages as far back from the server as we can. But our business and government customers especially complain about the false positives caused by the RBLs. Many government customers talk to constituents from home computers which use large public networks that send good messages and bad, so some real messages are rejected. It is a problem when the sender cannot resend, as the message continues to be rejected, causing frustration all around. Add to that a problem like this week's ORDB problem (see { Link } ) and a free service can create a lot of havoc.

But the good news is that each of us is free to decide what the right decision is for our organization and pick from multiple options, one of which is RBLs.

Frank Paolino

"home computers which use large public networks that send good messages and bad"

These home computers conduct direct SMTP conversation with your customers' MXs? That's a surprise. That must be a pain in the ass for them to send in the first place.

Grant, as far as Maysoft's conduct as a community participant, that's { Link } been { Link } well-documented. { Link }

@2 I am the same as you a Maysoft reseller. I am also based in Asia, where many many companies get black listed because they will not invest in any paid for AV or firewall or AntiSpam solutions. Also they are using ISP who also get black listed.

Chris, your comment "there is a phone" have you every tried dealing with these DNS Black list holders, some are now even charging money to take you off the black list.

Spam is a major problem and many many companies do not invest in any solutions or do not implement the solutions well. That is hardly the fault of the providers of those solutions

The problem is that these Black Listed companies correspond with my customers, who get really upset when the e-mails get blocked. So not relying on DNS lack lists can be very positive.

It also reduces dramatically the number of support calls we get from irate customers.

I have found the people at Maysoft great, when ever we have had a problem they are straight in there providing assistance and solutions. Even though we are 12 hours ahead of them Allison will very often answer my e-mails at what must be very late evening and night time for her.

Just 1 last thing Maysoft no longer use black lists in there latest version and from my experience it is catching an even higher % than before, so its your choice.

@4 Nathan, I am very surprise at you, having read your blog for some years now, saying that items that appears in blogs are "well documented". By and large blog items are people opinions. If you search the internet for my name you will find posts going back to the dark days when for all the world it appeared that IBM was ignoring Notes and I said so, so does that mean I hate IBM or Notes. Just so there is no confusion, I don't and never did.

Nick Halliwell

@2 Grant, the characterization of Mayflower as a spam provider is quite accurate actually and I sure most of the readers here agree with it.

@5 Nick, I think what Chris meant with "there is a phone" was "call me and I will whitelist you", implementation of DNS blacklists should always be accompanied by withlists.

and I think I just broke some sort of record for number of typos in one comment.

@5 - LMAO. "The problem is that these Black Listed companies correspond with my customers, who get really upset when the e-mails get blocked. So not relying on DNS lack lists can be very positive."

So WE shouldn't use DNSBLs because YOUR customers get blocked, and that makes you upset.

You're kidding, right? You have to be kidding.

"many companies get black listed because they will not invest in any paid for AV or firewall or AntiSpam solutions. Also they are using ISP who also get black listed."

Ummmm.... so those companies are not good netizens, and therefore SHOULD BE BLACKLISTED.

Duh.

@6 Vitor, you have turned a respectable discussion into a mire of innuendo which titillates but does not really add to the question about DNS Blacklists.

"I sure (sic) most of the readers here agree with it". What is accomplished by this? Certainly you did not offer any new value on the subject at hand.

@4 Nathan By public networks I mean home users who use Verizon, for example, and their zombie spam dirties the IP reputation of one of their outbound SMTP MTAs, and good mail is then blocked. But I am not sure of which SMTP MTA, and the research is not worth the effort to figure out what is wrong in their network, so again we disabled the RBL.

@8 Nathan (again) It would be great if we could get all of China to be good Netizens, but I for one don't have the time or energy to fix that problem. This is my exact problem with the RBLs, they cast a wide net which catches many a spam, but also many innocent senders.

On our main website, http://www.maysoft.com, we list both of our inbound SMTP gateways and the current catch rates, live and up to the minute. The first mostly gets good mail and spam, while the second is almost all spam. We are getting over 99.4% blocking rate without using RBLs (we stopped using RBLs in our product over a year ago) and a nice benefit was that our false positive rate has dropped significantly. But I'll close by saying again "to each his own", and I respect your decision to keep using RBLs.

@10 Frank I didn't turn any respectable conversation into any innuendo, do you really know the meaning of the word? Please go back and read what Chris posted, it says Mayflower Software, known spam provider, just made this very smart recomendation. Which part of the tittle did you not understand? I really can't see what is it that I turned. There really is no way of having a respectable conversation about Mayflower Software, Maysoft or hatever you called in the future. It won't go away.

I'm confused. "A home user on a public network who uses Verizon has zombie spam." Okay, frequent occurance. "dirties the IP reputation of one of their outbound SMTP MTAs" Who is "they" that has the MTA? The home user? Why does the home user have an MTA? Or Verizon? Why would Verizon have an MTA in the same IP range as their home users?

If you're blocking a home user sending from a personal MTA from a dynamic account, GOOD! That's poor netizenship. If you're blocking a Verizon MTA that's sitting in the same IP range as home users, GOOD -- that too is poor netizenship.

"This is my exact problem with the RBLs, they cast a wide net which catches many a spam, but also many innocent senders."

Who are these innocent senders? That's what I don't understand. RBLs typically list 4 kinds of IPs:

1) home user IP ranges that have no business transmitting SMTP directly.

2) known open relays due to misconfiguration -- which is helpful to first time mail installers who ought to properly configure their environments.

3) identifiably zombied machines masquerading as other DNS blocked which are identified via Sender ID and/or reverse DNS -- basically MTAs that lie about who they are.

4) known spam offenders with large numbers of public complaints.

So who's the wide net? There are blocks for stuff like "all of China." And that makes sense if you, say, don't do business with China. It doesn't make sense if you DO business with China. But it's not like you can't implement them selectively. You can block all of China with china.blackholes.us, and all of Korea with korea.blackholes.us, but still leave Japan, Taiwan, Russia, India, and The Republic of South Africa wide open.

Sure, it's possible to implement RBLs badly, just like it's possible to implement Domino badly. But that doesn't make RBLs or Domino as such a bad thing.

I'm confused. "A home user on a public network who uses Verizon has zombie spam." Okay, frequent occurance. "dirties the IP reputation of one of their outbound SMTP MTAs" Who is "they" that has the MTA? The home user? Why does the home user have an MTA? Or Verizon? Why would Verizon have an MTA in the same IP range as their home users?

If you're blocking a home user sending from a personal MTA from a dynamic account, GOOD! That's poor netizenship. If you're blocking a Verizon MTA that's sitting in the same IP range as home users, GOOD -- that too is poor netizenship.

"This is my exact problem with the RBLs, they cast a wide net which catches many a spam, but also many innocent senders."

Who are these innocent senders? That's what I don't understand. RBLs typically list 4 kinds of IPs:

1) home user IP ranges that have no business transmitting SMTP directly.

2) known open relays due to misconfiguration -- which is helpful to first time mail installers who ought to properly configure their environments.

3) identifiably zombied machines masquerading as other DNS blocked which are identified via Sender ID and/or reverse DNS -- basically MTAs that lie about who they are.

4) known spam offenders with large numbers of public complaints.

So who's the wide net? There are blocks for stuff like "all of China." And that makes sense if you, say, don't do business with China. It doesn't make sense if you DO business with China. But it's not like you can't implement them selectively. You can block all of China with china.blackholes.us, and all of Korea with korea.blackholes.us, but still leave Japan, Taiwan, Russia, India, and The Republic of South Africa wide open.

Sure, it's possible to implement RBLs badly, just like it's possible to implement Domino badly. But that doesn't make RBLs or Domino as such a bad thing.

I use DNS BlackLists with SpamAssasin. For example... if the host xy.com is on a blacklist I give him 2 Points. If the eMail contains only one big image another point and so on...

This works very great. Ok it took a little bit work to set it up. BUT in the end you got a lot of emails with "spampoints" and if a eMail got more then 6 points the Mailserver will not accept it.

This setup works very good for some from my customer :-).

@4 Interesting reading your comments and also the articles which you have provided links to. Your comments don't really have a lot to do with the subject, but if you feel that you advice for the Lotus Notes community, I am glad that you feel that you can share it to all those concerned.

I was alerted to this discussion by Frank and my research is brought up some interesting points. I have written about this on my blog { Link } I must say that I am rather dissapointed.

@10 Frank

I was reading this article { Link } and thought that some of the claims against you were a bit hard or even extreme. I am wondering is now that @4 has made some comments about this, would you be able to explain this to the Lotus Notes community.

WOW! I finally got what Chris Miller was saying, and I have to admit to missing it, the spam accusation. I was asked to make explanations of the facts, so here are the facts:

Neither I nor MayFlower own any of the following domains:

insidedomino.com

dominofiles.com

dfmtg.com

Here are some of the domains that I do own and manage, all through Network Solutions:

My karate dojo:

http://www.doshikai.net/

A place to download the "Notes Floats My Boat" screensaver.

http://www.notesfloatsmyboat.com/

Our official website:

http://www.mayflowersoftware.com/

The shortened URL from the old days when short URLs were in fashion:

http://www.maysoft.com/

The site that hosts our blog:

http://www.maysoft.org/

I used to use DominoFiles, but have not done so for about 2 years, since May, 2006.

I used to edit the InsideDomino webzine, but stopped that in 2005.

I did award SpamSentinel the Editor's choice award as Editor of insidedomino. My name was on the editor page and of course on our company website. None of this was hidden. At the time, I did not see the conflict. In retrospect, I should have made a full disclosure in the award. But, I stand by the award, as it was and still is the best spam filter available for Domino.

To (hopefully) bring this to a close, I won't get mad at some of you for getting the facts wrong if you stop being mad at me for your getting the facts wrong, too.

I have to say that as a community, we really should be fighting the evil empire (Microsoft), not beating up someone who loves Notes and gives away "Notes Floats My Boat" screensavers ;)