Why anti-spam black lists are bad.
I want to make it clear that I’m not a spammer, I hate spam, and would like to find a way to banish it from the net for everyone, but black lists are just not going to make it happen, and here’s why….
I’ve recently been looking into Email and the inevitable spam problem, and have found that IP address based anti-spam real time black lists (or RBLs) are probably doing more damage than good.
One clear example of why they are so bad comes from a recent conversation I had with a techie who had been working on a support case where some information had to be emailed to a customer. The techie emailed the information and received a mail back saying that their IP address was block by a RBL and thus the mail wouldn’t be delivered. This meant that either the customer had to provide another mail address or Email server (which is hassle for the customer - never a good idea!), or the support techie had to use a non-company email account or outgoing email server (which would mean extra steps for the customer to verify the source of the information was the techie, and could fall foul of another anti-spam measure called SPF).
The reason for the problem was that the company the techie worked for used a server from 1&1 Internet (owned by a company called Schuland). One RBL had decided to block a block of over 65,000 of Schulands IP addresses, and thus anyone with a machine in that area was blocked regardless of whether they are a spammer, honest company, or anything else.
To make things worse the particular IP address is only blocked by 1 RBL. If you go to http://www.dnsstuff.com/tools/ip4r.ch?ip=188.8.131.52 you will see that out of over 250 RBLs only one makes the address as bad, yet it was enough to stop a company carrying our a valid and necessary business operation.
To make things worse many mail servers don’t respond to senders if an Email is filtered out by their spam filters (including RBLs). If the customers mail server had been configured like this the techie would have waited for a response from the customer, and the customer would have thought the techie hadn’t sent the information, which is a potentially damaging communication breakdown.
It’s easy to say that the receiving company should have configured their mail system to check multiple RBLs, but how many is enough?, should you consider an Email spam if 20 RBLs agree that the IP address is bad?, if so how long will it take for all 20 operators to register the IP address?
As you can see using RBLs can cause your email to be blocked unnecessarily, can stop you receiving help you may need, and can cause you to miss vital information, which, in my view, is worse than getting tens of spam messages per day.