Amos wrote:
Just recently we discovered we've been tagged by spamcop. Since the
spamtrap is "secret", there's no way to know what incident triggered
this event, which makes it pretty damn difficult to track it down to
try to deal with it. Furthermore, a site has only one chance to delist
their server. After that, it's a permanent block.
So, if we can't tell what source is a problem, only have one chance to
delist--EVER--seems to me we're pretty screwed. Lovely.

We went through this earlier this year, back when forged Received
headers suddenly became widely popular and sites building blacklists
were still trusting all the headers. None of the lists that blocked us
-- SpamCop included -- would provide us any way to determine whether the
messages had actually come from our server.

I understand they want to keep their sources secret, but this is like
bringing evidence to a trial in a sealed envelope and not allowing the
defense attorney to see it. There's no way to verify that the evidence
was collected properly or interpreted correctly, and of course there's
no way to resolve the problem.

Actually, SpamCop was one of the more responsive lists. I sent them a
point-by-point list of possible explanations for them seeing our IP
address in their spamtraps, how likely each one was (I didn't outright
reject the possibility that someone had broken TOS or found a way to
trick our server into sending something, but it seemed really unlikely),
and some sample headers from mail that really came from our servers, and
within a day they'd written back that they were satisfied the message in
their spamtrap had used forged headers.

None of which helps you track down the problem if someone actually *is*
abusing your server, and I think that a two-strikes-you're-out policy is
f*#^ing INSANE (if you'll pardon the expression) and shows a complete
lack of understanding as to the nature of providing email for large
communities of people outside of your direct control. I really do not
understand the assumption some people make that either you're AOL,
Earthlink or Yahoo, or you're some 20-person small business that can
impose any draconian measures you want on your users. There's a whole
world of in-between sites.
--
Kelson Vibber
SpeedGate Communications <www.speed.net>