RBL check combines SMTP sender and Mail_From domains

Vernon Schryver vjs@calcite.rhyolite.com
Mon Sep 15 02:05:54 UTC 2008


> From: Gary Mills <mills@cc.umanitoba.ca>

> > As I always say, wanted bulk mail should be whitelisted.  One of the many

> Of course.  The difficult part is determining which messages should be
> whitelisted.  People generally don't notice that e-mail is being
> rejected until it stops arriving.  We use a shared whitelist here to
> which people can nominate messages after they have been rejected.  The
> advantage is that only one recipient of a legitimate bulk mail message
> need nominate it.  I suppose I should change things a bit so that the
> threshold for logging is considerably lower than the threshold for
> rejection.  That way, people could nominate messages in advance of
> their being rejected.  I might even put the not-yet-rejected messages
> on a different web page.

I think the best tactic is to give each user a private dccm/dccifd
whiteclnt file and log directory.  Users can check their private
logs and white- or blacklist as they wish, and even set thresholds,
turn DCC checks and greylisting on or off, and so forth with something
like the proof-of-concept CGI scripts demonstrated at
https://www.rhyolite.com/DCC-demo-cgi-bin/edit-whiteclnt
with username cgi-demo and password cgi-demo

I recall being told that is not practical at U of M, but it is done
as some other sites.


> > In this particular case, it appears that a subscriber to this mailing list
> > is reporting it with `dccproc -cMANY` or some other spam-trap mechanism.
>
> People do silly things.  Often somebody will blacklist a mailing list to
> which they've subscribed simply because it's easier than unsubscribing.
> That could be the case here.  Or, it could be malicious.  

It's probably just a mistake.  Perhaps an abandoned mailbox that
has been getting a lot of spam and that was subscribed to the list
has been turned into a spam trap.

People running DCC servers can use the `dblist` command to find the
ID of the server that has been receiving the "MANY" reports.  I've
sent a question to that server's operator.
But as I've said every time the issue of DCC "MANY" false positives has
been raised, it IS NOT a false positive.  This traffic is bulk!


>                                                           Either way,
> it makes the copy counts pretty much useless.

On the contrary, no reasonable DCC bulk threshold would be below the
true target of messages for this list.  This is not a big mailing list,
but there are more than enough subscribers to make every message "bulk"
by any reasonable definition and above any reasonable DCC client
threshold.  You've probably seen small target counts, but only because
this list's traffic is often whitelisted, and in the name of privacy
the DCC client code does not report whitelisted messages to DCC servers.

I do agree that the client thresholds are not critical.  Any value
between a handful and a few dozen is about the same.


Vernon Schryver    vjs@rhyolite.com



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.