[AusNOG] [SHAME] spamrats.com
Scott Howard
scott at doc.net.au
Fri Jan 11 09:29:32 EST 2013
On Wed, Jan 9, 2013 at 9:57 PM, Julian DeMarchi
<julian at jdcomputers.com.au>wrote:
> I don't like to publicly shame[0] companies or services but today I have
> found a need too. There is an anti-spam company called Spam Rats[1].
> They provide an RBL service and today is the first time I've seen them.
>
There are thousands of blacklists. Some of them are good, some of them are
evil. Many of them are mis-used by the people that configure their mail
servers to use them (eg, they are designed to be used for scoring, but
people configure them as a simple block/allow decision). "Shaming" a
blacklist because you don't agree with their policies simply makes no sense.
> I'm emailing this list to advise of their listing pratices. They have
> listed a /24 of my companies for lack of PTRs in the range. Yes. Lack of
> PTRs in the /24 range. This is for co-lo customers. The range has a
> netural score on senderbase.
>
I'm presuming you're referring to their "RATS-NoPtr" list? According to
the description on their website, "RATS-NoPtr is a collection of IP
Addresses that *have been found sending an abusive amount of connections*,
or trying too many invalid users at ISP and Telco's mail servers, and are
also known to have no reverse DNS".
Presuming that's true (and I'm sure that we'd all be happy to hear if you
have any proof that it's not), then your original clam is wrong. You're on
the same /24 as someone they are claiming is a spammer. Unless there's
some heavy SWIP'ing going on (and even if there's not), that's going to
cause you issues with any number of RBLs.
Whilst SenderBase is a good place to check to see one companies view of IP
an IPs reputation, it's hardly a definitive reference. (And yes, I used to
work for IronPort, so I have a very good knowledge of how SenderBase works).
This is the first RBL I have seen list a /24 for lack of PTRs. Not for
> sending spam, but just PTRs alone.
Again, do you have proof of this? Their website explicitly states
otherwise.
> How do you explain this to your customer?
>
You don't. You explain to them that the recipient is blocking their mail,
and that the recipient should contact their ISP to determine why. If they
are using a high false positive RBL, then that's a problem on the recipient
side - not yours.
Scott
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20130110/e904d90f/attachment.html>
More information about the AusNOG
mailing list