- Individual spam sources: “These are generally taken from spam samples that have arrived here, and from discussions on news.admin.net-abuse.email.”
- Bulk mailers that don't require closed loop confirmed opt-in from all their customers, or that have have allowed known spammers to become clients.”
- “Networks that provide services to spammers.”
- Web servers running software vulnerable to spam relay, such as FormMail.
- Open relaying mail servers.
- “Free mail providers.” One assumes this relates to sites like Yahoo or Hotmail.
- “Systems that send virus notifications (klez, sobig, etc) to the supposed sender.” In other words, a specific type of backscatter.
- “Systems that have delivered challenge-response” messages to Carl's mail server. Yet another type of backscatter.
- “Systems that are owned by organizations that latently violate the TCPA.” This refers to what most would call phone spammers, entities where Carl is aware them sending pre-recorded telephone message solicitations. (In other words, not email related.)
Over the years, I've answered a lot of questions from a lot of companies trying to figure out how to do the right thing with regard to list management and application of abuse prevention best practices. One of the recurring themes in the many emails I receive is blacklisting. I'm blacklisted! What do I do? How do I get un-blacklisted? How do I prevent myself from being blacklisted? Interestingly, one of the blacklists I'm most frequently asked about is Fiveten. Why is that?
Well, after tracking the effectiveness of Fiveten for many months, I've figured out why: Fiveten is inexact and inaccurate. It blocks only a so-so level of spam, and, on a percentage basis, it tends to block more non-spam than spam.
Could any of these senders have list management issues? Could any of them be spammers, or be engaging in bad acts warranting blacklisting? Potentially, yes. I know nothing about the practices of any of these entities listed. But, I do know that even the “good guys” can go off the rails once in a while and end up on a blacklist. But it seems unlikely that this is the case with all of them. To me, this is further indication that Fiveten is unsuitable for use as a spam blocking mechanism.