On Tue, Aug 20, 2019 at 11:10:08PM +0300, Reco wrote:
On Tue, Aug 20, 2019 at 03:45:31PM -0400, Michael Stone wrote:
On Tue, Aug 20, 2019 at 08:39:43PM +0300, Reco wrote:
> On Tue, Aug 20, 2019 at 01:22:27PM -0400, Michael Stone wrote:
> > On Tue, Aug 20, 2019 at 07:14:01PM +0300, Reco wrote:
> > > So it boils down to "MTA needs care on a regular basis" and "some
> > > blacklist can add your MTA for no good reason". First one is universal
> > > (applies to any Internet-facing service), second one can be beat with a
> > > creative use of hosting. Also, https://mxtoolbox.com. A non-free
> > > service, but a useful one.
> >
> > Way to oversimplify, and "creative use of hosting" basically means
> > "hope and pray". It's also not actually true that there's hosting
> > magic which makes you immune to blacklist stupidity unless your
> > hosting is gmail or something equally too large to block.
>
> Unless a blacklist adds victims by AS number, a change of MTA's IP
> (hence the hosting) and an appropriate DNS reconfiguration is
> sufficient to sidestep it.
And cause different issues, because you're no longer on an IP with an
established history.
A blank slate. There's nothing wrong with it.
Except that other anti-spam algorithms take into account how long a
domain has been around, and how long a specific IP has been in use for
that domain. (In order to try to counteract spammers doing exactly what
you're recommending in order to avoid IP based blocklists.)
Blacklists are called that
for a reason, they do not block whole IPv4/IPv6 address space.
Sure they do. Even in this thread you've heard people advocate blocking
entire countries. You seem to be arguing based on some particular
blacklist implementation without recognizing that other recipients use
other blacklists, some of which may even have policies that you might
think are idiotic. If you're trying to send an email to someone whose
provider implements idiotic policies, your assessment of their policies
is basically irrelevant. (Though it may eventually encourage you to
simply stop caring about whether the email gets delivered.)
You're also assuming that they're blocking by IP rather than domain,
which is quite bold assumption since the blacklist is a black box and
domain based blacklists most certainly exist.
Haven't encountered one yet, but I trust you on this.
As an example, see https://www.spamhaus.org/dbl/ and "RHSBL"
Or, you're trying to send to someone who's blacklisting broad ranges
of IPs or ASs and you're just wasting your time changing IPs. Nothing
like find that out after going down that road.
And that's where "hosting" comes into play. Blacklisting, say, whole
Amazon AS is a little extreme, don't you think?
See above. Also, there are certainly recipients who are more skeptical
of amazon IPs exactly because they're so easy to spin up. Also, amazon
themselves will ask questions if you start hopping IPs and asking for
PTRs on each of them for email delivery.
Again, each of these things is usually surmountable, but rational people
eventually have to ask whether it's worth the effort vs throwing in the
towel and outsourcing to a first tier provider.
