On 04/12/2020 16:11, Vincent Pelletier wrote:
On Fri, Dec 4, 2020 at 11:26 AM David Neil <Postfix@rangi.cloud> wrote:
When I follow the instructions and attempt a "Delist request for
spamsources.fabel.dk" they quickly assure me that they won't spam me,
but seem to demand a GMail account. So, one security issue (spam) is
traded for another (tracking).
Are these people part of Google?
Do you know of some other way to contact them using a secure and private
email account?
Is their blacklist widely used anyway?
Unpopular opinion time: this specific DNSBL single-handledly managed to
convince me, a lowly email admin trying to be good, that DNSBLs are trying
to make me do their work for them.
They blacklist entire hosting companies subnets, despite the subnets hosting
independently-administrated servers: I'm not the hosting company, so how
can I request unlisting and answer "what steps were taken to fix the issue" in
good faith ?
They suggest using Mandrill as a reputable SMTP relay, and then manage to
blacklist some of Mandrill's own outgoing IPs.
So to be able to use emails I have to fight for the reputation of my server's IP
(fair enough), fight my paid-for server's hosting company subnet reputation
(so I guess I need to migrate my services from provider to provider everytime
there has been mass infections by a spam worm in that specific corner of
the internet), fight my paid-for email relay outgoing server reputation (so even
the solution recommended by the very DNSBL is being blocked), and then
spend unpaid time curating their list for them so it can be used by even more
inbound filters and they can cause me more headaches the next time
they fancy ? All the while my users cannot discuss with their customers and
providers which rely on this list (without even realising it) ?
Sure, they can count on it and drink water.
Evidently we share frustration.
The 'silent drop' bothers me - the message author went to some trouble
to write. Does (s)he deserve such treatment? Who takes responsibility
for the 'damage' breaking the author-reader relationship? (personal or
business)
The undeniable need is to stop the flow of garbage. Yes, I'm in-favor of
that! So, it is justified (reading some of the BL outfits' notes) that
fake-messages are not returned to unwitting email accounts, because it
adds to traffic volume/nothing they can do/etc - or is it?
We have to jump-through-hoops in order to build an email server that
works responsibly. The SPF/DKIM/DMARC processes clearly link domain (if
not account) and IP address. So, surely there is a clear difference
between some 'bad actor' spoofing my email address and sending spam from
his IP, and me sending 'legal' messages from my IPaddr? Accordingly, why
are such email 'control systems' not used to differentiate when it comes
to providing (valuable!) feedback? eg Sorry dn, we have received this
message from the correct SMTP-server, but that IPaddr appears in our
black-list...
Surely, the idea of lumping-together everyone using a hosting provider,
VPS, or cloud service is pure laziness? Alternately, arrogance: 'my
clients will believe me before they believe you'? That they then make it
difficult for the innocent to seek clarification seems obstructive. One
could even argue that before being found 'guilty', a message to
abuse@domain-in-question would enable one to mount a 'defence'.
The world (well, maybe not places like America) is moving to the
expectation that digital-leaders be held to a more responsible standard
and more reasonable behavior. Customer first?
--
Regards =dn
