On 26/06/2010, at 6:34 AM, Jay Daley wrote:
On 25/06/2010, at 4:05 PM, Joe Abley wrote:
My impression from those who spend much of their
time with this stuff is that the right thing is to authenticate your users and check each
outbound message against a useful set of heuristics to avoid spam being relayed by your
servers. "The client address is in a blacklist" by itself does not sound like a
useful set of heuristics, to me (as you have discovered).
Whilst it might be expedient to refuse connections from anonymous people in the Internet
based on something as crude as "client address is in a blacklist", in the case
of an authenticated user it seems far better to let them connect and deal with any
apparent infection they have (drop mail, proactive phone call, whatever fits the budget)
than it does to refuse to talk to them. The latter is almost guaranteed to cost you money
in your helpdesk budget.
That's the very reason that many people do it - to get the phone call so they can
educate the customer, protect their service and reputation and generally make the Internet
a better place. Money is not the major motivation for most who take this war seriously.
Educating a customer of any ISP, be it an ADSL provider or a hotspot provider, that their
IP address is in the spamhaus XBL likely isn't very helpful, especially when it's
a public hotspot (where they can't actually fix the root cause) as opposed to say a
home (where they can). Can an end user de-list themselves from the XBL, or does their ISP
have to do it for them?