Blogger listed on Spamhaus blacklist

It would seem that this SBL listing means that if you have a blog at http://(something).blogspot.com, your mail is going to be blocked by any site that checks the IP addresses of URLs found in messages, to see if those IP addresses are blacklisted.

Read more about it here.

I don't necessarily have an opinion on this at the moment. The devil's in the details, and I'm short on details. Generally speaking, I do want Spamhaus (and other blacklists) to bring the smack down on the bad guys. And if Google is (even unintentionally) being one of the bad guys by not doing enough to prevent spammers from using Blogger blogs as landing pages for spam, then that's a bad thing.
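The URL check described above (extract the hosts from links in a message, resolve them, and query a DNS blacklist for each IP), as an added example that is not from this post or from Spamhaus. The function names, the `dnsbl.example` zone, the hostnames and the addresses are constructed for illustration, and the resolver is passed in so the sample runs offline.

```python
import ipaddress
import re
import socket

URL_HOST_RE = re.compile(r"https?://([A-Za-z0-9.-]+)", re.IGNORECASE)

def dnsbl_query_name(ip, zone):
    """Reverse the IPv4 octets and append the zone: 192.0.2.10 -> 10.2.0.192.<zone>."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    """Return the IPv4 addresses for name, or [] if it does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except (OSError, UnicodeError):
        return []

def check_message_urls(body, zone, resolve=system_resolver):
    """Return {host: [listed IPs]} for URL hosts whose IPs are listed in zone."""
    hits = {}
    hosts = {h.lower().rstrip(".") for h in URL_HOST_RE.findall(body)}
    for host in sorted(hosts):
        listed = []
        for ip in resolve(host):
            # A DNSBL answers with a 127.0.0.0/8 address when the IP is listed
            # and with no answer (NXDOMAIN) when it is not.
            answers = resolve(dnsbl_query_name(ip, zone))
            if any(a.startswith("127.") for a in answers):
                listed.append(ip)
        if listed:
            hits[host] = listed
    return hits

# Constructed sample data: documentation-range IPs and a made-up zone.
SAMPLE_ZONE = "dnsbl.example"
SAMPLE_DNS = {
    "blog-a.hosting.example": ["192.0.2.10"],   # two unrelated blogs...
    "blog-b.hosting.example": ["192.0.2.10"],   # ...served from one shared IP
    "shop.example": ["198.51.100.7"],
    "10.2.0.192.dnsbl.example": ["127.0.0.2"],  # the shared IP is listed
}
SAMPLE_BODY = """Hi, my new post is up: http://blog-a.hosting.example/2008/post.html
Unrelated link: https://shop.example/item?id=3
Also see http://BLOG-B.hosting.example/"""

if __name__ == "__main__":
    print(check_message_urls(SAMPLE_BODY, SAMPLE_ZONE, lambda n: SAMPLE_DNS.get(n, [])))
```

Both sample blogs are flagged because they share the one listed address, which is why a single-IP listing of a hosting service can affect mail that links to any blog served from it.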

6 comments:

  1. Interesting. I take it your spam/ham database is currently filtering only by the source IP, rather than checking content URLs like this guy's ISP does?

    I wonder what that does to the false-positive rate....

    -Evan

  2. Yup, source IP only. For now. Never thought to do DNS lookups on URLs in messages before.

  3. Do you think this could be setting a dangerous precedent? By blocking a service like Blogger, I think it is a slippery slope to blocking, for example, all of Yahoo since they produce a ton of SPAM.

  4. Well, not sure. I do know that any big company, network, or ISP emits spam. The question is, are they implementing all best efforts to prevent it, and how are they responding when abuse is revealed? Clearly, Spamhaus thinks Google is falling down on that front.

    Also, Spamhaus listed a single IP. That is the narrowest possible listing. It isn't as though Spamhaus listed all of Google, or even every possible Blogger IP address.

  5. Al,

    As far as doing DNS to IP then DNSbl lookups on URLs in messages, that is "2nd stage" of Spamhaus' Effective Spam Filtering. You, along with a lot of other people (including me), only do "1st stage" filtering on source IPs used in SMTP.

    See:
    http://www.spamhaus.org/effective_filtering.html

    - Another Matt

    P.S. I have no connection with Spamhaus except as a DNSbl end user.

  6. This "2nd stage" of filtering:

    (1) won't catch very many additional spams that would not have already been caught when using SURBL & URIBL & other industry standard IP blacklists.

    (2) WILL produce MUCH more FPs compared to using both SURBL & URIBL

    (3) uses more resources/time which prevents scalability. In contrast, URI lists like SURBL & URIBL can be downloaded to one's server and then run locally for faster lookups... and don't require an extra dns lookup to 3rd party servers which might often be slow or unresponsive.

    So the resources used and legit mail blocked is very high compared to the additional spam blocked.

    But I understand that these types of lookups can be very useful for research/confirmation purposes and Spamhaus does produce some excellent IP blacklists!

    (And, resources permitting, this might be a decent idea if used in a scoring system and not scored too high.)

    --Rob McEwen


Comments policy: Al is always right. Kidding, mostly. Be polite, and you're welcome to join in, even if it's a differing viewpoint.