Spamcop BL: A blacklist with a hair trigger

The Spamcop Blocking List (SCBL) is a DNSBL populated with data obtained from spamtrap hits and spam reports from users of the popular Spamcop spam reporting service. The Spamcop spam reporting service was originally created by Julian Haight. It was later purchased by Ironport Systems. Ironport has since been purchased by networking and communications technology company Cisco. (In spite of this transition to corporate ownership, the Spamcop site's front page contains a prominent legal defense fund link, and contains further information on the fund in the Spamcop FAQ.) 

Unlike the more privately-run CBL, which is designed to minimize the impact on legitimate mail, the SCBL regularly blocks sources of mail that some feel are legitimate. It has been described as having a "hair trigger" by respected anti-spam and internet guru John Levine, and I related some of the issues I've had with Spamcop from 2003 over here on spamresource.com. In fact, back around that time, the SCBL information page said this regarding using the list: "This blocking list is somewhat experimental and should not be used in a production environment where legitimate email must be delivered." As I look at the same page today, in February, 2006, I can see that guidance has since been modified somewhat. Spamcop now recommends "use of the SCBL in concert with an actively maintained whitelist of wanted email senders. SpamCop encourages SCBL users to tag and divert email, rather than block it outright." Both then and now, they go on to add, "The SCBL is aggressive and often errs on the side of blocking mail." 

Translated: "Don't block mail with this blocking list, it will block mail you want." 

Like ISP feedback loops, the spam complaints lodged by Spamcop users are sometimes found to be erroneous. That's not to say that where there's smoke, there's never a fire. But just like with feedback loop reports, significant spam issues generate far more reports than than the day-to-day noise of people lodging spam reports about email from a company they previously did business with, or otherwise had a potentially legitimate reason to be contacted by a given sender. (As an example, I noted my issues with confirmed opt-in/double opt-in systems being listed by Spamcop in 2003; I don't believe I'm the only one to ever have observed that kind of issue.) My experience with Spamcop has taught me that it's not always that good at drawing the line between blocking spam and blocking wanted mail. 

Spamcop's probably really good at blocking spam-in-progress from infected servers spewing illegal spam. (Though, the CBL isn't too shabby at that, either.) The problem is, Spamcop will block mail in a number of edge cases, like if an email service provider is tasked with serving mail on behalf of some e-commerce or travel site. If you want to ensure that you're always going to receive your follow up emails from the department store you ordered that purse from, or the hotel reservation from a booking site that outsources their confirmation email, choosing to outright block mail from servers listed on the SCBL may not be your best choice.

Status of block.blars.org: DEAD

The “Blars” DNSBL (block.blars.org) appears to have gone on walkabout.

Created in 2002, the “Blars Block List” was an aggressive, semi-private blocking list run by a gentleman known to the greater internet community only by the pseudonym of “Blars.”

The "BlarsBL" had a broad criteria for listing. This included spam sending domains, open relays, sites with disagreeable spam reporting policies, sites lacking abuse addresses, those who host spammer dropboxes or websites, those who have threatened Blars or others with legal action, and sites originating break-in attempts and other exploits (open proxy, open relay, etc.).

The list has been criticized for implying that payment was required for removal. From the site: "If you would like a site be added or removed from BlarsBL, you may hire Blars at his normal consulting rates (currently $250/hour, 2 hour minimum, $1000 deposit due in advance for non-established customers) to investigate your evidence about the site. If it is found that the entry was a mistake, no charge will be made and the entire deposit will be refunded."

The list appears to be no more. The websites www.blars.org and block.blars.org both resolve to a “This domain is parked free with GoDaddy” placeholder page.

Note: I confirmed today that all lookups against block.blars.org DSNBL will result in a match. This is the “Osirusoft solution,” also known as “listing the whole world.” Intentional or not, this means that if you continue to use this blocking list, you will receive no incoming mail whatsoever. If you are using this list to reject mail, I recommend you cease doing so immediately. It will block all of your inbound mail. See this page at MXToolbox.com further confirmation of BLARS mysterious disappearance. This post from the newsgroup news.admin.net-abuse.email indicates that it has likely been out of operation since approximately December 18, 2006.

Status of relays.ordb.org: DEAD

Created by Thomas Jensen in 2001, the Open Relay Database (ORDB) was one of the multitude of open relay spam blocking lists to come about in the wake of the legal troubles of Alan Brown and his New Zealand-based ORBS DNSBL.

The ORDB service ceased operation on December 18, 2006. The website was retired on December 31, 2006.

The website indicated that blocking open relays is no longer as effective as it once was.

"It's been a case of a long goodbye as very little work has gone into maintaining ORDB for a while. Our volunteer staff has been pre-occupied with other aspects of their lives. In addition, the general consensus within the team is that open relay RBLs are no longer the most effective way of preventing spam from entering your network as spammers have changed tactics in recent years, as have the anti-spam community.”

If you have checks against relays.ordb.org configured in your mail server or spam filtering software, please stop querying the list immediately. Use of the list will no longer block any unwanted spam, and the nameservers listed in the domain registration are likely overwhelmed with traffic. This is especially heightened due to the fact that the list was in wide, popular use, and also that it was so recently retired.

3/26/08 Update: ORDB has "listed the entire world" -- returning any query with a "listed" response. The result is that if you still have ORDB in your mail server config files, you're now blocking 100% of your inbound mail. For anyone still trying to "use" ORDB, you're not going to receive any inbound mail until you disable queries to it.

Status of opm.blitzed.org: DEAD

The primary project of the “Blitzed” group is the Blitzed Internet Relay Chat (IRC) network.

They also operated a DNSBL zone called opm.blitzed.org. This was the Blitzed Open Proxy Monitor (OPM). This popular open proxy DNSBL was run in such a way as to not probe a remote server to determine its open proxy status unless the server was implicated in reports of abuse. It did not list open relays.

The Blitzed group seems to have suffered a database or server failure as of May, 2006. This email to the “OPM Announce” mailing list details the situation, and explains that the OPM list would not be resurrected.

The list is not active at this time.

Based on this information, I would recommend that you remove opm.blitzed.org from the list of DNSBLs being checked in your mail server. It will no longer block any spam, and the potential exists for unpredictable results to be returned. Additionally, you'll be generating unnecessary DNS query traffic to the Blitzed network.

Status of relays.visi.com: DEAD

The zone relays.visi.com was home to the VISI.com Relay Stop List (RSL). According to the site, “RSL was created by volunteers, VISI.com users who wanted a conservative open relay list to use to assist VISI.com's "nospam" server filters. We are happy to share it with others in the Internet community.”

Hosted by VISI.com, a strong regional internet service provider with thousands of clients, it was positioned as a free alternative to the MAPS RSS relay blocking list. (The MAPS lists were originally free, but were converted to a “paid access only” system in 2001.)

In 2003, the RSL suffered from a hardware failure that resulted in a loss of data, but the system was restored by August.

The RSL website was last known to have been active in 2004. I have it on pretty good authority that since then, the people behind the project have moved on to other things.

The list is not active at this time. It will not block any spam, and I recommend against including it in any DNSBL checks, as it generates unnecessary DNS traffic to VISI.com.