Thanks for visiting! Remember that nowadays, (most) blocklists don't really govern deliverability and inbox placement. Want to learn more about email marketing best practices, email technology, and deliverability troubleshooting? Then you'll want to check out my other site, Spam Resource.
Showing posts with label cbl.

Spamcop BL: A blacklist with a hair trigger

The Spamcop Blocking List (SCBL) is a DNSBL populated with data obtained from spamtrap hits and spam reports from users of the popular Spamcop spam reporting service. The Spamcop spam reporting service was originally created by Julian Haight. It was later purchased by Ironport Systems. Ironport has since been purchased by networking and communications technology company Cisco. (In spite of this transition to corporate ownership, the Spamcop site's front page contains a prominent legal defense fund link, and contains further information on the fund in the Spamcop FAQ.) 

Unlike the more privately-run CBL, which is designed to minimize the impact on legitimate mail, the SCBL regularly blocks sources of mail that some feel are legitimate. It has been described as having a "hair trigger" by respected anti-spam and internet guru John Levine, and I related some of the issues I've had with Spamcop from 2003 over here on spamresource.com. In fact, back around that time, the SCBL information page said this regarding using the list: "This blocking list is somewhat experimental and should not be used in a production environment where legitimate email must be delivered." As I look at the same page today, in February, 2006, I can see that guidance has since been modified somewhat. Spamcop now recommends "use of the SCBL in concert with an actively maintained whitelist of wanted email senders. SpamCop encourages SCBL users to tag and divert email, rather than block it outright." Both then and now, they go on to add, "The SCBL is aggressive and often errs on the side of blocking mail." 

Translated: "Don't block mail with this blocking list, it will block mail you want." 

Like ISP feedback loops, the spam complaints lodged by Spamcop users are sometimes found to be erroneous. That's not to say that where there's smoke, there's never a fire. But just like with feedback loop reports, significant spam issues generate far more reports than the day-to-day noise of people lodging spam reports about email from a company they previously did business with, or otherwise had a potentially legitimate reason to be contacted by a given sender. (As an example, I noted my issues with confirmed opt-in/double opt-in systems being listed by Spamcop in 2003; I don't believe I'm the only one to ever have observed that kind of issue.) My experience with Spamcop has taught me that it's not always that good at drawing the line between blocking spam and blocking wanted mail.

Spamcop's probably really good at blocking spam-in-progress from infected servers spewing illegal spam. (Though, the CBL isn't too shabby at that, either.) The problem is, Spamcop will block mail in a number of edge cases, like if an email service provider is tasked with serving mail on behalf of some e-commerce or travel site. If you want to ensure that you're always going to receive your follow-up emails from the department store you ordered that purse from, or the hotel reservation from a booking site that outsources its confirmation email, choosing to outright block mail from servers listed on the SCBL may not be your best choice.

CBL: Block those exploits!

The Composite Blocking List (CBL) is a DNSBL that helps you block mail from exploited computers. That includes abused open proxy servers, as well as virus and trojan-infected spam spewers, the primary vector for most of the illegal spam people are receiving nowadays. By some counts, there are millions of these computers in the world, and besides spam, they’re also responsible for denial-of-service attacks, virus distribution, phishing, etc.

As the CBL website indicates, the data behind the listings is sourced from very large spamtrap-receiving domains and various email infrastructures. Their intent is to list only IP addresses that exhibit characteristics specific to open proxies, viruses, stealth spamware applications loaded on a computer without the user’s knowledge, etc. They don’t knowingly attempt to block any sort of legitimate mail. And I would characterize “legitimate” very broadly here – legitimate senders like most email service providers (and their clients) should rarely, if ever, find their mail blocked by a CBL listing.

Though, on occasion, it does happen. CBL doesn’t ever list good senders intentionally. The problem is that some computers share IP addresses with others, behind a NAT (network address translation) device or firewall. Your legitimate mail could be going out to the internet over an IP address shared with an infected, spam-spewing Windows desktop. It’s fairly rare, but when it does happen, CBL makes it easy for you to address those kinds of issues, by allowing you to remove any entry from the list. This allows you to again send mail to the site that was rejecting it due to the listing. Keep in mind that if they again later see bad traffic coming from that IP, it could get listed again. That means it’s important to figure out what on your network is infected or spewing, and fix it.

I recommend use of the CBL (or one of the other lists that includes the CBL data) to filter or reject inbound mail. It helps to block some of the worst types of illegal spam out there, and the risk of blocking legitimate mail is very low.

The CBL listing data is integrated into the Spamhaus XBL (and is therefore also part of Spamhaus ZEN). If you use either of these Spamhaus DNSBLs to tag, filter or reject inbound mail, then there’s no need to utilize the CBL as well – you’re already doing so.
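
The two recommendations above (tag rather than reject on an SCBL hit and keep a whitelist of wanted senders; reject on CBL data, and skip the separate CBL query when Spamhaus ZEN is already in use) can be expressed as one inbound policy check. This is an added example, not code from this site or from any of the list operators; the policy table, function names and sample listings are assumptions made for illustration.

```python
import ipaddress
import socket

# Assumed policy table: DNSBL zone -> action on a hit.
POLICY = {
    "zen.spamhaus.org": "reject",  # includes XBL, which carries the CBL data
    "cbl.abuseat.org": "reject",   # exploited hosts; low false-positive risk
    "bl.spamcop.net": "tag",       # aggressive list: tag/divert, never reject
}
SUPERSEDED_BY = {"cbl.abuseat.org": "zen.spamhaus.org"}  # avoid double lookups

# Constructed sample data (documentation-range IPs, not real listings).
SAMPLE_LISTINGS = {
    "10.2.0.192.zen.spamhaus.org": "127.0.0.4",
    "20.2.0.192.bl.spamcop.net": "127.0.0.2",
    "30.2.0.192.zen.spamhaus.org": "127.255.255.254",  # query-error answer
}

def sample_resolve(name):
    """Offline stand-in for a DNS lookup, backed by SAMPLE_LISTINGS."""
    if name not in SAMPLE_LISTINGS:
        raise socket.gaierror("NXDOMAIN (constructed)")
    return SAMPLE_LISTINGS[name]

def dnsbl_name(ip, zone):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def is_listed(ip, zone, resolve=socket.gethostbyname):
    """Listed IPs resolve into 127.0.0.0/8; a failed lookup means not listed."""
    try:
        answer = resolve(dnsbl_name(ip, zone))
    except OSError:  # socket.gaierror (NXDOMAIN, timeout): fail open
        return False
    # Spamhaus uses 127.255.255.x to signal query errors, not listings.
    return answer.startswith("127.") and not answer.startswith("127.255.255.")

def decide(ip, allowlist=(), policy=POLICY, resolve=socket.gethostbyname):
    """Return (action, zones_hit); action is 'accept', 'tag' or 'reject'."""
    if ip in allowlist:  # actively maintained list of wanted senders
        return "accept", []
    # Drop any zone whose data is already covered by another configured zone.
    zones = [z for z in policy if SUPERSEDED_BY.get(z) not in policy]
    hits = [z for z in zones if is_listed(ip, z, resolve)]
    actions = {policy[z] for z in hits}
    action = "reject" if "reject" in actions else "tag" if hits else "accept"
    return action, hits

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30"):
        print(ip, decide(ip, resolve=sample_resolve))
```

Treating lookup failures and error answers as "not listed" keeps a DNS outage or a rate-limited resolver from turning into rejected mail.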