Anyone using zen.spamhaus.org?

Glenn Steen glenn.steen at gmail.com
Tue Sep 5 17:47:25 IST 2006


On 05/09/06, John Rudd <jrudd at ucsc.edu> wrote:
>
> On Sep 5, 2006, at 12:37 AM, Glenn Steen wrote:
>
> > On 05/09/06, Alex Neuman van der Hans <alex at nkpanama.com> wrote:
> >> John Rudd wrote:
> >> >
> >> > On Sep 4, 2006, at 5:11 PM, Glenn Steen wrote:
> >> >
> >> >>
> >> >> I for one work under legislation that prohibit me from flat-out
> >> >> rejecting _based on sender alone_ (it's a bit more involved than
> >> that,
> >> >> but lets leave that:-)
> >> >
> >
> > It's a brew of different (Swedish) laws governing "principal of
> > availability and open equal dealing with all subjects"... Laws
> > covering everything from freedom of speech(!) to how public documents
> > are to be archived and handled. I'm certainly no lawyer, but
> > thankfully a central .gov agency (Statskontoret for those who really
> > want to know) has made a set of guidelines for us poor "public
> > mailadmins" to follow. They're pretty generic, and open for _some_
> > interpretation, but paramount is that the collected body of laws does
> > not allow us to use "generic blacklists" for rejecting messages. If I
> > could somehow complement everything to know that a sender was actually
> > a Swedish subject, then perhaps I could use BLs, but... Alas not now.
> >
>
> Except... RBLs don't block senders.  They block hosts (actually, that's
> not true either: they block IP addresses; a host can change IPs over
> time, and a sender can change hosts frequently ... especially when you
> consider relaying).  Seems to me a distinction could be made...
>
> I mean, if I use a DUL type RBL to block ISP customer IPs, I'll still
> receive the sender's email via the ISP's proper mail gateway.  I could
> go on, but RBLs are not even remotely about "based on sender", IMO.
>
Either I'm not explaining this well, or you are plain missing the point:-).
The point (made by the lawyers mostly ... IIUC, the guidelines were
put together by a joint group of "technicians" and "lawyers"...) is
exactly that. I cannot reject mail _potentially_ from a Swedish
subject based _solely_ on BLs.
But if if a citizen choose to make their matter plain in a mail that
is otherwise spam, or a message containing a virus or other malicious
content, I can set things up to quarantine this from ever reaching the
end recipient, and slate it for deletion. It is akin to the case where
some citizen has scribbled the message in the margin of an IKEA
catalog... I don't have to rifle through the catalog, but can just
dump it out of hand... But for email I (or some other person) have to
make a "simplified screening" (I look at the senders/subjects in
mailwatch:-) to make everything comply to norm.
With BLs I cannot be certain enough. So ... The guidelines go on to
detail that it is OK to use them for scoring or tagging, and that is
exactly what I do.
This only affects public bodies, so the private sector is not under
these laws (not that way at least).

-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se


More information about the MailScanner mailing list