[SATLUG] Nolisting?

Brad Knowles brad at shub-internet.org
Mon Feb 19 14:25:04 CST 2007


At 7:06 AM -0600 2/19/07, Daniel J. Givens wrote:

>  Have you guys heard of this?
>
>  http://www.joreybump.com/code/howto/nolisting.html

Yup.

>  I know we have some folks around here that have spent a lot of time thinking
>  about the spam issues and wanted to get some thoughts on this practice?
>
>  I personally think it sounds...well, not quite good for standards, 
>but what do
>  you think?

It's one of the new parts to the series of articles I'm writing for 
publication on the LOPSA.org website.


In short, it depends on all real MTAs operating properly and in 
accordance with all of the specifications in the RFCs, which is not a 
good assumption.

It then proceeds to intentionally violate one of those operational 
procedures as specifed in the RFCs, in order to reduce a particular 
form of spam that the author has found objectionable.  In my 
experience, that's a trivially small part of the overall spam 
problem, and in fact spammers are much more likely to contact the 
higher cost MXes for a domain under the assumption that people 
running backup MXes for someone else won't have the tight anti-spam 
controls on those boxes as they do the primaries, which effectively 
acts as an auto-whitelist for the spammers to take advantage of.

Third, if used at only a small number of sites for a short period of 
time, it may be somewhat effective in reducing that particular type 
of spam.  If it gets any kind of wide adoption, the spammers will 
detect that and adjust their methods so that it no longer works.

The end result being that you have all these sites out there that 
intentionally "break" their mail systems and make permanent changes 
to the way they operate, in order to try and reduce the spam. 
However, it will have only a small temporary positive effect, but the 
negative effects of that will live on forever -- to the detriment of 
the Internet as a whole.


In other words, it's a "Bad Idea".  Almost as bad as using SPF, or 
requiring that all sites implement SPF.

-- 
Brad Knowles <brad at shub-internet.org>, Consultant & Author
LinkedIn Profile: <http://tinyurl.com/y8kpxu>
Slides from Invited Talks: <http://tinyurl.com/tj6q4>


More information about the SATLUG mailing list