BLOG

Are blocklists always a good decision?

One of the common statements about blocklists is that if they have bad data then no one will use them. This type of optimism is admirable. But sadly, there are folks who make some rather questionable decisions about blocking mail.
We publish a list called nofalsenegatives. This list has no website, no description of what it does, nothing. But the list does what it says it does: if you use nofalsenegatives against your incoming mailstream then you will never have to deal with a false negative.
Yes. It lists every IP on the internet.
The list was set up to illustrate a point during some discussion many years ago. Some of the people who were part of that discussion liked the point so much that they continued to mention the list. Usually it happens when someone on a mailing list complained about how their current spamfiltering wasn’t working.
Some of the folks who were complaining about poor filtering, including ones who should know better, did actually install nofalsenegatives in front of their mailserver. And, thus, they blocked every piece of mail sent to them.
To be fair, usually they noticed a problem within a couple hours and stopped using the list.
This has happened often enough that it convinced me that not everyone makes informed decisions about blocking. Sure, these were usually small mailservers, with maybe a double handful of users. But these sysadmins just installed a blocklist, with no online presence except a DNS entry, without asking questions about what it does, how it works or what it lists.
Not everyone makes sensible decisions about blocking mail. Our experience with people using nofalsenegatives is just one, very obvious, data point.

2 comments

  1. Al Iverson says

    At an industry conference a few years ago, I had fun displaying data on my “lucky seven” blacklist, which simply blacklisted any IP address that contains a number 7 in it. Amazingly, my testing showed that it had a better match rate against spam than a few better known blacklists out there. So yeah, there really are some poorly run blacklists out there.

  2. Catherine Jefferson says

    I would hope that the poorly run blacklists get a lower percentage of use now than they would have several years ago. But I’m not sanguine. I get lots of questions about blocklists in email. People are still asking about blocklists that were closed years ago, blocklists that are documented to block half the internet, blocklists with reputations for spite listings, and blocklists that are so poorly managed nobody can figure out what is wrong with them. I’ve also had requests to *add* blocklists that, when I tested them, blocked much of my personal email, most of my legitimate/requested bulk email, missed a lot of spam, and caught almost no spam that wasn’t blocked by better blocklists.
    IMHO blocklisting techology is brilliant, and a selection of good reliable blocklists should be a major part of anybody’s anti-spam configuration. But most blocklists (as opposed to the most widely used blocklists) are poorly run and not worth using.

Comment:

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.