tarbaby & greylisting (Was RE: New wiki page)

Mon Jun 29 20:29:02 IST 2009

Steve Freegard came up with some really good points about tarbaby, so I
posted them to tarbaby's & hostkarma.emailfilter.com's developer Marc
Perkel. Below is his reply if your interested.
----------------------------------------------------------------------------------------------------------------------------------
Marc Perkel <support at junkemailfilter.com> wrote on 06/29/2009 11:28:16 AM:
> Re: tarbaby & greylisting
> Gerry Maddock wrote:
> > If I am already greylisting on my mailservers, does tarbaby still help?
I
> > started a discussion on MailScanners mailing list on tarbaby and some
> > people think if I'm already greylisting, tarbaby is pointless. They say
in
> > turn, that if I'm already greylisting, I may slow down some emails more
by
> > using tarbaby. I haven't encountered that as both of my incoming
> > mailservers are @ an MX priority of 10 & tarbaby is 30. I'd like to
hear
> > your thoughts on this. Another valid point some on the MailScanner
mailing
> > list bring up is:
> >
> >
 It does help some in that spambot don't retry so any spam bot hitting us
 doesn't hit you. And the spam bot gets blacklisted. So if you use my
 black list too then you get an added benefit because it has spambots
 targeting you.

> > "Technically there is no problem with the method.
> >
> > The issue is a moral one - people using this should realise that the
> > owner of tarbaby could very easily start collecting or rejecting mail
> > received for your domain either maliciously or by accident and as
people
> > using this service have no contract with the provider therefore have no
> > comeback should this happen.
> >

 Technically this is true. However if I did this I wouldn't be in
 business long. It's a trust issue. Just like using any list is. People
 who use tarbaby trust me not to do the wrong thing.

> > Whilst the same could be said of any blacklists (they could reject all
> > your mail either maliciously, on purpose or by accident), but pointing
> > one of your MX records to a 3rd party goes a step further than this and
> > could allow someone to collect your mail without your knowledge.  For
> > example: instead of sending 451 at DATA, they could easily do it after
> > the message has been sent (at dot) and you'd be none the wiser.  It
> > would still function the same as it does now except a copy of the
> > message could be kept.
> > At the end of the day - it's all about trust."
> >
> > What are thoughts on this?
> >
> >
> >

 Ultimately it is about trust. However harvesting good email at the
 highest MX isn't going to get much ham. And I don't see why I would be
 interested in reading other's email. I barely can keep up with my own.
 Feel free to pass my comments on to the list.

 Bottom line is that I'm known as an anti-spam fighter in the spam
 filtering community. I also used to be the sys admin for the Electronic
 Frontier Foundation and I'm a strong privacy advocate.

 --
 Marc Perkel - Sales/Support
 support at junkemailfilter.com
 http://www.junkemailfilter.com
 Junk Email Filter dot com
 415-992-3400

CONFIDENTIALITY: This e-mail message is for the sole use of the intended recipient(s) and may contain confidential and / or privileged information.  Any unauthorized review, use, disclosure or distribution of any kind is strictly prohibited.  If you are not the intended recipient, please contact the sender via reply e-mail and destroy all copies of the original message.  Thank you.