On 26/06/2010, at 6:34 AM, Jay Daley wrote:
On 25/06/2010, at 4:05 PM, Joe Abley wrote:
My impression from those who spend much of their time with this stuff is that the right thing is to authenticate your users and check each outbound message against a useful set of heuristics to avoid spam being relayed by your servers. "The client address is in a blacklist" by itself does not sound like a useful set of heuristics, to me (as you have discovered).
Whilst it might be expedient to refuse connections from anonymous people in the Internet based on something as crude as "client address is in a blacklist", in the case of an authenticated user it seems far better to let them connect and deal with any apparent infection they have (drop mail, proactive phone call, whatever fits the budget) than it does to refuse to talk to them. The latter is almost guaranteed to cost you money in your helpdesk budget.
That's the very reason that many people do it - to get the phone call so they can educate the customer, protect their service and reputation and generally make the Internet a better place. Money is not the major motivation for most who take this war seriously.
Educating a customer of any ISP, be it an ADSL provider or a hotspot provider, that their IP address is in the spamhaus XBL likely isn't very helpful, especially when it's a public hotspot (where they can't actually fix the root cause) as opposed to say a home (where they can). Can an end user de-list themselves from the XBL, or does their ISP have to do it for them? -- Nathan Ward