[Mimedefang] Catching the porn spams

[WBrown at e1b.org]

mimedefang-bounces at lists.roaringpenguin.com wrote on 09/08/2004 05:46:48 
PM:

>        Blacklist based systems cannot keep up and cause too many
> false positives.  It's like we have two billion doors and are trying to
> identify and close the doors a bad e-mail might come through.

Most of the problems w/ blacklisting I have seen is that things stay on 
the list long after the problem is resolved.  in the past, I've seen open 
relays get fixed, but it's still on some obscure list that the relay owner 
wasn't aware of.  They should re-test and remove fixed systems, or expire 
entries pending resubmission.

I ran into one blacklist that too a real bullsh*t attitude that they were 
going to charge you two hours of an exorbitant consulting fee to remove 
you from the list.  I told the customer that they can call the receiving 
site and tell them as long as they used that black list, they would never 
get mail from them.  I didn't hear the resolution on that situation.

> Probably the most important things a whitelist system can do is 1)
> automatically whitelist addresses the person sends mail to 2) make sure
> challenges come from the person's actual email address.  Following those
> two rules, even IF everyone were using it, challenges wouldn't get
> challenged (one of main objections to C/R).  Also tagging outbound
> messages so anyone could reply...

And this would be very easy for the spammers to write mail systems to look 
for the challenge, and respond.  The only ones that make it difficult for 
automated response are the ones with an image that has to be typed, but 
many of those cause problems for people with vision problems.  And they 
break down when you use text only mail readers.

What about some end-user type that signs up for legitimate email 
notifications.  Who is supposed to check for the challenges from the EUs 
that don't remember to add the notification system to their white list?