I have been lurking here for a couple years but have really not had any
information worth jumping into a conversation. But the question in my
subject is really burning me up these days.

As far as my last general check there are at least 200 RBLs that could
potentially be used by any mail admin anywhere in the world. They rarely
have matching data sets and it just becomes a real pain for a 2 person
operation managing a system with 80k+ email accounts. We have built a very
complex outbound mail verification system but we can't stop 100% of the spam
100% of the time so some does slip out.

I have run into some RBLs where you ask for removal and they either want
payment (fairly rare at this point) or do not answer or give a really long
explanation of why they are right and you are wrong.

This may have been brought up before and if there is already a group please
point me to it, but we need a study group/governing body/RFC to at least
put out suggestions on RBL structure. Granted the RBL owners do not have to
listen to anything that is said but maybe if it gained some traction
admins, at least the true admins that know the internals of their mail
system, would start to listen.

Hard set RBLs with no timeouts should be frowned upon.
RBLs that give you the run around when you ask for a removal should be
forgotten.
RBLs that have no option for removal should be forgotten.
RBLs that rely on 15 year old data sets should be forgotten. (I have run
into a few)

We run our own internal RBL that slurps IPs from a couple different
reputable RBLs and through scripting/algorithms that we have been
perfecting for 10 years no IP stays in our RBL more than 12 hours, some are
even less; it all depends on hits over time. If they start spamming again
they are added back to the RBL if spamming patterns are detected. We take
care of most of this using rbldns and triggers from our Logstash system.
Our internal RBL rarely contains more than 150k entries at one time since
it is auto cleaning. It does swap in and out thousands of IPs per day but
generally averages about 150k.

We can always route around these, what I will call at this point, bogus RBLs
but that should not be something we have to do. The RBL owners should
properly maintain their lists. For instance it was not long ago that I had
to jump through hoops to get one RBL to reassign a block of our IP addresses
as static in their system when we had reassigned them as static 5 years
earlier.

These RBLs are not doing anyone any favors, maybe to the admins that can
say "YAY we block all spam with this RBL." Acceptable, but how much
legitimate mail are you blocking?

I know there are some system vendors that have a set of RBLs built into
their systems but what are the default RBLs, how many admins would even
know how to figure out?

--Bryan Vest
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
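
The auto-cleaning behaviour described in the message above (listings that end within 12 hours, a duration that depends on hits over time, re-listing when spam resumes), as an added example that is not part of the original post and not the poster's own scripts. The doubling rule, the 1-hour base, the 24-hour hit memory, the class name and the sample addresses are assumptions, and the output assumes rbldnsd's ip4set text format.

```python
import ipaddress

MAX_LISTING = 12 * 3600   # from the post: no IP stays listed more than 12 hours
BASE_LISTING = 3600       # assumption: a first hit lists the IP for 1 hour
HIT_MEMORY = 24 * 3600    # assumption: hits older than this no longer count


class DecayingRBL:
    """Hypothetical self-cleaning blocklist; all times are epoch seconds."""

    def __init__(self):
        self.hits = {}      # ip -> timestamps of remembered spam hits
        self.expires = {}   # ip -> time the current listing ends

    def record_hit(self, ip, now):
        ip = str(ipaddress.IPv4Address(ip))  # reject anything that is not IPv4
        recent = [t for t in self.hits.get(ip, []) if now - t < HIT_MEMORY]
        recent.append(now)
        self.hits[ip] = recent
        # Listing time doubles with each remembered hit, capped at 12 hours.
        duration = min(BASE_LISTING * 2 ** (len(recent) - 1), MAX_LISTING)
        self.expires[ip] = now + duration

    def listed(self, now):
        active = [ip for ip, end in self.expires.items() if end > now]
        return sorted(active, key=ipaddress.IPv4Address)

    def prune(self, now):
        """Forget IPs whose listing has ended and whose hits have aged out."""
        for ip in list(self.expires):
            if self.expires[ip] <= now and now - self.hits[ip][-1] >= HIT_MEMORY:
                del self.expires[ip], self.hits[ip]

    def zone(self, now):
        """Render active listings as an ip4set-style zone (assumed format)."""
        header = ":127.0.0.2:Listed for recent spam, expires automatically"
        return "\n".join([header] + self.listed(now)) + "\n"


if __name__ == "__main__":
    rbl = DecayingRBL()
    # Constructed events: (seconds since start, IP from documentation ranges)
    for t, ip in [(0, "192.0.2.10"), (600, "198.51.100.7"), (4000, "192.0.2.10")]:
        rbl.record_hit(ip, t)
    print(rbl.zone(5000))
```

A repeat offender keeps its hit history after the listing lapses, so a new hit inside the memory window produces a longer listing than the first one did.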