Context counts, even in spam blocking

Different kinds of spam, while all being spam, are still different. As such, tools useful in limiting one kind are often not at all appropriate for another.

And lately one of those right tools for the wrong job is becoming very popular: the DSBL list of open SMTP relays.

Open SMTP relays are basically mail servers set up so that anyone can connect to them and send email messages through them. There’s nothing wrong with having a mail relay, but there is a problem with them being totally open and unauthenticated. They’re very popular with spammers, because the spam senders can connect to these relays and send their spam messages through them, instead of directly from their own computers.

Which is why things like the DSBL list exist. Mail servers can choose to check all incoming messages against the list, and if an incoming message came from one of those known open relays, they can treat the message as probably being spam. It won’t always be spam, but the chance is good enough that the false-positive ratio isn’t too big.

The problem starts when people try to use the exact same list to decide if comments on blogs are spam. There is no real connection between the two. Blog comments are not sent as email messages, and do not pass through those mail relays. And many of these relays are not intentionally open, but are rather just badly configured. Blocking email from them is legitimate, because they’re open to abuse. But blocking blog comments from them isn’t, because nothing about them indicates that they’re used by comment spammers instead of real people.

My problem isn’t with the concept of checking against problematical lists. There are alternative lists like the Blitzed DNSBL which are based on open proxy servers. Proxy servers are ones that relay regular web traffic, such as the requests used to post comments to blogs. And comment spammers do use these.

It’s just that more and more people are blocking against the wrong kind of list. They’re protecting themselves against the wrong kind of spam, meaning that a large majority of the addresses they block will be false positives. And that’s a bad ratio.

This is becoming a larger problem because it is becoming easier to do. Many of the popular blogging platforms have plug-ins to fight spam. And a few, which are increasing in popularity, allow checking the IP address of the comment poster against such lists. And the DSBL list often comes on by default, for reasons I can’t quite grasp.

Pointless, and irrelevant. Fighting spam is good, but people should do it properly, not with the wrong methods. People sometimes don’t notice this, though, because these lists are often combined, including both mail relays and some proxies. Which means they may sometimes also block what people think they will. But using just a combined list is too blunt an instrument. It’s akin to blocking all English-speaking people because there are spammers in the US.
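To make the distinction concrete, here is an added example (not taken from any plug-in or list mentioned in this post) of a check that counts a listing only when the kind of list matches the kind of traffic. The zone names, the sample addresses and the function names are assumptions made up for illustration; only the reversed-octet query name is the standard DNSBL lookup convention.

```python
import ipaddress
import socket

# Hypothetical zones (not real services), tagged by what kind of host they list.
ZONES = {
    "relays.dnsbl.example": "open_relay",   # open SMTP relays
    "proxies.dnsbl.example": "open_proxy",  # open web proxies
}

# Which kind of listing is evidence for which kind of traffic.
RELEVANT = {
    "smtp": {"open_relay"},
    "blog_comment": {"open_proxy"},
}

# Constructed sample data: the names that "resolve" in this offline demo.
SAMPLE_LISTED = {
    "10.2.0.192.relays.dnsbl.example",     # 192.0.2.10 listed as a relay
    "7.100.51.198.proxies.dnsbl.example",  # 198.51.100.7 listed as a proxy
}

def dnsbl_name(ip, zone):
    """Standard DNSBL query name: IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    """Live lookup: an address is listed when the query name resolves."""
    try:
        socket.gethostbyname(name)
        return True
    except socket.gaierror:
        return False

def sample_resolver(name):
    """Offline stand-in for DNS, backed by the constructed sample set."""
    return name in SAMPLE_LISTED

def listing_kinds(ip, resolver=system_resolver):
    """Return the kinds of list the address appears on."""
    return {kind for zone, kind in ZONES.items() if resolver(dnsbl_name(ip, zone))}

def is_suspect(ip, context, resolver=system_resolver):
    """Count a listing only when its kind matches the traffic being judged."""
    return bool(listing_kinds(ip, resolver) & RELEVANT[context])

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7"):
        for context in ("smtp", "blog_comment"):
            print(ip, context, is_suspect(ip, context, sample_resolver))
```

With the sample data, the relay-listed address is flagged for mail but not for comments, and the proxy-listed address the other way around. A combined list cannot make that distinction because it reports a single answer for both kinds of host.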

Another thing which complicates using such lists, and blocking based on computers’ IP addresses in general, is dynamic addresses. Many internet users receive a dynamic IP address from their ISP whenever they connect to the internet. This means that when they disconnect, and then reconnect, they get a different address. And the previous address gets back into the pool of addresses, to be given to a different user.

If someone has a badly configured server on a home computer with a dynamic address, and it manages to get into such a list, that will not prevent them from sending spam (whether email, comment, or other kind), but will block other users of the same ISP instead.

The reason for this rant is, well, that this happened to me. More than once. I was blocked a few times from posting to different blogs, because my IP address, my dynamic IP address that I possibly never used before that day, was included on the DSBL as an open mail relay.

And they were added to the list over either a single incident, or two incidents, which occurred no later than 2004. Someone had a server that allowed people to send mail messages, and because of that I was blocked years later from posting comments on a blog.

The first time this happened I thought it was a non-issue. But it’s becoming one very fast.

Yes, any form of automatically detecting spam will have false positives. But that’s not a reason to go with forms that will only happen to have true positives by pure luck. There are other ways to fight spam than methods that will interfere with legitimate users more than they will interfere with spammers.
