How can I Blacklist a Blacklist?

Submitted by Matt on Mon, 26/01/2015 - 18:59:26

Spam is a nuisance - this is a fact that I won't deny - so I can't blame people for using spam filtering software to keep their inboxes clean.  One measure that a system administrator can employ is filtering incoming mail against DNS blocklists: the receiving server looks up each sending server against a list published over DNS, which reports back whether that server is a known spam sender.  The receiving machine can then either reject the mail outright or use the result as part of a scoring mechanism.

At work, the system administrator inbox seemed to have a load more "Delivery Failed" messages generated than normal, so I decided to take a look to see what the cause could be.  After much digging, I found that our corporate domain had been listed on the SURBL WS list.

The SURBL WS appears to be an interesting list because, rather than simply listing the IP addresses or domains where spam email originates, it lists domains that appear in links in spam emails.  It seems that over the years spammers have got wise to how sender-based lists work, so they dispatch their mail from multiple domains, all advertising a site or service.  Once the originating domain gets blacklisted, they move on to sending from another domain/IP.  The WS list looks at mails that have been marked as spam by end users and at what websites they link to (not where they originated from), and then lists the domain(s) contained within the email.  It's a clever way to beat Johnny spammer at his own game.
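The difference between the two lookups described above, as an added example that is not part of the original post: a sender-IP query name next to a URI-list check that extracts the linked domains from a message body, which is also how an administrator could test their own outgoing mail. The zone names, the short two-level suffix set, the sample body and the stand-in resolver are assumptions constructed for illustration.

```python
import ipaddress
import re
import socket

IP_ZONE = "dnsbl.example.org"   # placeholder zone for a sender-IP list (assumption)
URI_ZONE = "multi.surbl.org"    # SURBL's combined URI zone (assumption: not named on the page)
TWO_LEVEL = {"co.uk", "org.uk", "com.au"}   # tiny sample, not a full public-suffix list
URL_HOST = re.compile(r"https?://([A-Za-z0-9.-]+)", re.I)

# Constructed sample body: the sending server never appears in it, only the advertised sites.
SAMPLE_BODY = """Great deals at http://www.shop.example.co.uk/offer
Unsubscribe: https://news.example.com/u?id=1 or http://SHOP.example.co.uk/"""

def ip_query_name(ip, zone=IP_ZONE):
    """Sender-based lookup: the connecting IPv4 address, octets reversed, under the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def registered_domain(host):
    """Reduce a hostname to the domain a URI list keys on (simplified suffix handling)."""
    labels = host.lower().strip(".").split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LEVEL else 2
    return ".".join(labels[-keep:])

def body_domains(body):
    """Unique registered domains of every http(s) link in the message body."""
    return sorted({registered_domain(h) for h in URL_HOST.findall(body)})

def listed_domains(body, resolve=socket.gethostbyname, zone=URI_ZONE):
    """Map each linked domain the zone lists to the DNS answer it returned."""
    hits = {}
    for domain in body_domains(body):
        try:
            answer = resolve(f"{domain}.{zone}")
        except socket.gaierror:
            continue              # no record (or lookup failure): treated as not listed
        if answer.startswith("127."):   # list answers come from 127.0.0.0/8
            hits[domain] = answer       # meaning of the last octet: see the list's docs
    return hits

def fake_resolver(name):
    """Offline stand-in for DNS; the listing below is constructed for the demo."""
    if name == "example.co.uk." + URI_ZONE:
        return "127.0.0.4"
    raise socket.gaierror("NXDOMAIN")

if __name__ == "__main__":
    print(ip_query_name("192.0.2.10"))
    print(listed_domains(SAMPLE_BODY, resolve=fake_resolver))
```

Leaving `resolve` at its default sends the same queries through the system resolver, so a domain owner can run their own templates and signatures through `listed_domains` before a campaign goes out.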

Now, I have no major issues with anyone holding a list of spammers and publishing them as long as there is a method of being removed from the list and finding out what caused the listing in the first place.  SURBL have such a procedure where you fill out a fairly intrusive form about where your email originates, samples, headers etc.  I do not believe that we have been sending Unsolicited Bulk Email to anyone who hasn't been in contact with my company or expressed an interest in our services, so I was quite surprised to be told that our domain had been listed due to multiple complaints!  Trying to extract information on specifics was a non-starter and for a company that prides itself on good practices I was irritated by the lack of feedback, right of reply or information given to conduct a proper investigation.  I also felt quite put out by a terse response to some specific information I had provided telling me to just respond with "yes" or "no".  

I don't believe in spam, nor do I condone it, but if blacklists are going to be set up it's important to understand that sometimes there are false positives on the list and that it's important to help rather than to assume that everyone who makes it onto the blacklist is out to spam the hell out of everyone and not at least try to follow best practice.  

Just my couple of cents worth.