Tuesday, April 1, 2003

Understanding realtime black lists

THIS WEEK'S POWERTIP

By Diane Poremsky

As some of my readers recently discovered, my mail server was refusing mail from some domains. My administrator uses an RBL (realtime black list) and a domain filter to block spam. After a few days of spam coming from Earthlink servers, he added earthlink.com to the blocked domain list. Under the threat of finding a new job, he has since "whitelisted" outlook@cdolive.com, so all mail should come through without problems.

This points out a problem all administrators face when they try to prevent spam: they inadvertently block real mail, and that makes using email a lot more difficult. I'm a big fan of domain blocking, especially using a system that accepts wildcards. A simple entry like "*@*casino*" blocks a large number of domains that contain the word casino. I prefer it since the false positive rate is low; at one point it stopped all but the spam from hotmail, lycos, and yahoo addresses, until spammers started sending from new domains. It takes a few minutes a day to add the newest spammers to the blocked list.

My administrator, like so many other administrators, likes RBLs because they are easy to use and someone else maintains the list of blocked IPs. I think they just reduce the amount of mail a server receives, and this column is about why RBLs are bad.

Some RBL lists block all dialup accounts (Roadrunner, Earthlink, AOL, etc.), plus all UUNet IP addresses. These are called vigilante lists: they block anyone who gets on their wrong side for any reason, and getting off these RBL lists is difficult and in many cases downright impossible. The good ones only block open relays and spam domains, and they'll remove you from their list as long as you aren't an open relay. Since Exchange 2003 includes RBL filtering, I'm afraid we're in for a difficult time in a few months, when admins try using the RBL filter and pick the wrong RBL provider.
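As an added illustration (not code from the original column), here is how the pieces described above fit together: a whitelist that is checked first, a wildcard sender filter in the style of the "*@*casino*" entry, and the reversed-octet DNS name that an RBL lookup queries. The RBL zone name and the "listed" addresses are constructed placeholders, and the DNS answer is simulated so the example runs offline.

```python
import fnmatch
import ipaddress

# Constructed sample policy modelled on the column: whitelist first,
# then wildcard sender patterns, then an RBL check on the connecting IP.
WHITELIST = {"outlook@cdolive.com"}
BLOCKED_SENDER_PATTERNS = ["*@*casino*", "*@earthlink.com"]
RBL_ZONE = "rbl.example.invalid"  # placeholder zone name, not a real RBL

# Constructed stand-in for the RBL's DNS data: query names the list
# "answers" for. A real check would issue an A-record lookup instead.
LISTED_RBL_NAMES = {"4.3.2.1." + RBL_ZONE}


def rbl_query_name(ip: str, zone: str = RBL_ZONE) -> str:
    """Build the name an RBL lookup queries: IPv4 octets reversed, then the zone.
    Example: 1.2.3.4 checked against rbl.example.invalid becomes
    4.3.2.1.rbl.example.invalid."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def is_rbl_listed(ip: str, listed=LISTED_RBL_NAMES) -> bool:
    """Simulated DNS answer: listed if the query name exists in the zone."""
    return rbl_query_name(ip) in listed


def sender_matches_block(sender: str, patterns=BLOCKED_SENDER_PATTERNS) -> bool:
    """Case-insensitive shell-style wildcard match of the full sender address."""
    s = sender.lower()
    return any(fnmatch.fnmatchcase(s, p.lower()) for p in patterns)


def filter_decision(sender: str, peer_ip: str) -> str:
    """Return 'accept', 'reject:domain' or 'reject:rbl'.
    The whitelist wins over both filters, which is exactly what lets
    one known-good address through a blocked domain."""
    if sender.lower() in WHITELIST:
        return "accept"
    if sender_matches_block(sender):
        return "reject:domain"
    if is_rbl_listed(peer_ip):
        return "reject:rbl"
    return "accept"
```

Note that the wildcard pattern also rejects every legitimate sender at earthlink.com, which is the false-positive cost the column describes.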

Generally, if you use your ISP's SMTP server, mail will go through. It's the people who bypass the ISP's server and send directly from their own computers who have a problem. But the worst RBLs block the ISP SMTP servers too.

Roadrunner was blocking my mail server just because it was on the Sprint network, using the reasons found at this URL: http://security.rr.com/mail_blocks.htm#security. Since I'm not the actual owner of the IP address, they wouldn't remove my IP on my word. So I set up filters to look for rr.com in message headers and waited for spam from RR. I knew it wouldn't take long, and when it arrived I forwarded it to their security address. I thoroughly enjoyed telling them to stop their own spammers before they start telling other providers how to run their networks, and they immediately removed my IP from their blocked list. For more info on RR policies see http://security.rr.com, especially if you administer a mail server.