|Why Blacklists Don’t Work|
|Written by Save the Mail!|
|Saturday, 23 January 2010 01:02|
Yesterday CJ Fearnley of Open Source Magazine & Remote Responder posted an interesting blog on “best practices for SMTP blocking of email spam,” stressing to readers the dangers of blocking blacklisted Received headers at SMTP time, while endorsing the general practice of blocking blacklisted senders at SMTP time.
Here at Save the Mail we are big proponents of taking advantage of the ability to block invalid email at the time of SMTP transfer – when it’s possible to determine absolutely that a message is invalid. Typically 90%+ of the email any individual or organization receives is invalid and it would be nonsensical to accept every one of these messages and then work to determine what is good and what is bad.
Technologies that can weed out the most obvious spam before messages enter the network (e.g. directory synchronization checks and certain forms of greylisting) can be an immense help to organizations seeking to alleviate bandwidth requirements while protecting their email infrastructure.
However, we can’t help but think that blacklists of any kind are not among these technologies. Blacklists have been in use for 10+ years, but at their core they tend to hurt legitimate companies that, for whatever reason, have angered the email gods, while not truly stopping the “dangerous” senders they are meant to stop.
From a spammer’s perspective: as soon as their IP is blocked, they get a new one and continue to spam. It is a numbers game for them, and one blocked IP address means very little. Meanwhile, law-abiding “emailers” are blacklisted daily and left to clean up the mess, without the advantage of being able to simply dump their IP and move on to a new one.
While nearly every major open source solution on the market utilizes some kind of blacklist, we strongly suggest companies consider alternatives before diving in. As mentioned above, certain forms of greylisting (we are partial to our own implementation, SilverListing) or even a simple sender/recipient check are typically as effective as blacklists (if not more so), but don’t introduce the same set of consequences or danger of false positives, particularly when you’re blocking email at SMTP time.
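An added example, not code from Save the Mail and not a description of SilverListing: a sketch of the two SMTP-time alternatives named above, a recipient check followed by classic triplet greylisting, decided at RCPT TO without any blacklist lookup. The class name, timings, /24 and /64 grouping, reply texts and sample addresses are assumptions.

```python
import ipaddress
import time

class SmtpTimePolicy:
    """RCPT TO decision with no blacklist lookup (hypothetical helper)."""

    def __init__(self, valid_recipients, min_delay=300, pending_ttl=4 * 3600,
                 pass_ttl=36 * 86400, clock=time.time):
        self.valid = {r.lower() for r in valid_recipients}
        self.min_delay = min_delay      # seconds a new triplet must wait
        self.pending_ttl = pending_ttl  # window in which a retry still counts
        self.pass_ttl = pass_ttl        # how long a passed triplet stays trusted
        self.clock = clock
        self.seen = {}                  # triplet -> (first_seen, passed_at)

    @staticmethod
    def _net(ip):
        # Group by /24 (IPv4) or /64 (IPv6): large senders retry from sibling hosts.
        prefix = 24 if ipaddress.ip_address(ip).version == 4 else 64
        return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))

    def check_rcpt(self, client_ip, mail_from, rcpt_to):
        now, rcpt = self.clock(), rcpt_to.lower()
        # 1. Recipient check: an unknown mailbox is rejected permanently.
        if rcpt not in self.valid:
            return 550, "5.1.1 no such user"
        # 2. Greylisting on (client network, envelope sender, recipient).
        key = (self._net(client_ip), mail_from.lower(), rcpt)
        first, passed = self.seen.get(key, (None, None))
        if passed is not None and now - passed <= self.pass_ttl:
            self.seen[key] = (first, now)   # known-good triplet, refresh it
            return 250, "2.1.5 ok"
        if first is None or now - first > self.pending_ttl:
            self.seen[key] = (now, None)    # first sighting: temporary failure
            return 451, "4.7.1 greylisted, retry later"
        if now - first < self.min_delay:
            return 451, "4.7.1 greylisted, retry later"
        self.seen[key] = (first, now)       # retried after the delay: accept
        return 250, "2.1.5 ok"

if __name__ == "__main__":
    fake_now = [0.0]                        # constructed clock and addresses
    policy = SmtpTimePolicy({"alice@example.org"}, clock=lambda: fake_now[0])
    args = ("192.0.2.10", "news@sender.example", "alice@example.org")
    print(policy.check_rcpt(*args))         # first attempt
    fake_now[0] += 600
    print(policy.check_rcpt(*args))         # retry after the delay
```

A 451 is a temporary failure, so a standards-compliant sending server queues the message and retries; a wrong guess here costs a legitimate sender a delay rather than a rejected message.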
|Last Updated on Wednesday, 07 April 2010 19:34|