1. What is a RBL?
RBL is an acronym for "Realtime Block List". For e-mail, distributed projects on the Internet monitor where spam originates and add those sources to a real-time list that can be checked when deciding whether to accept or deny e-mail. Most spam on the Internet originates from two places:
- Virus/trojan-infected machines, which appear to be running normally to the user but are also sending spam out to the Internet at large after being fed a list of addresses and spam e-mail by a remote operator.
- Professional spam organizations. These businesses actually pay for a real connection to the Internet and then send spam out from their own systems, up to any limits imposed on them by their ISP. (In a lot of foreign countries, for instance, ISPs have zero restrictions against spam and won't stop a spammer based on complaints.)
The RBL identifies these machines by their Internet address and adds them to a list that can be checked in real time by an e-mail server. If a server has been listed as a spam host, the mail will be refused immediately. This means less overhead on e-mail systems and a lot less spam for end users. It also generally means fewer "fake" bounce messages that users receive when spam is forged to come from them.
2. How are RBLs used at K-State?
After discussions with the Security Incident Response Team (SIRT) and the Deans council, it was determined that appropriate RBLs can and should be used on the central e-mail systems as part of the e-mail enhancement project. The two RBLs chosen are SpamCop and Spamhaus. Both are large, well-known RBLs that are careful about which addresses they list and have clear procedures for getting off their lists. This means that false positives are unlikely to occur, as the sheer volume of e-mail operators acting on the Internet keeps the lists in check.
3. Why are RBLs used at K-State?
We don't have the resources to find all the spam being sent to K-State addresses. Using these RBLs allows us to leverage the resources we do have and reduce the total volume of spam coming to K-State addresses. On a recent day, the RBLs we use rejected over 400,000 messages as spam.
4. What can I do if e-mail I want to see is blocked by the RBLs?
The only thing you can do is encourage the people who tried to send you the e-mail to contact their e-mail administrators and have them fix their problem. Their site is listed on the RBL because some machine at their site sent enough spam to the world to get on the RBL in the first place. They will have to clean up that machine and then petition the RBL to be removed.

When our SpamCop RBL blocks e-mail, we return a message like this:
Your mail was marked as spam and blocked, see: http://spamcop.net/bl.shtml?YYY.YYY.YYY.YYY
In this example, YYY.YYY.YYY.YYY is replaced by the IP number of the site being blocked. The administrators of that site must contact the RBL to learn how they can be removed from the RBL. Providing this URL gives them an easy way to start this process.

When our Spamhaus RBL blocks e-mail, we return a message like:
Your mail was marked as spam and blocked, see: http://www.spamhaus.org/SBL/

When our local RBL blocks e-mail, we return a message like:
If you are not a bulk e-mail provider, please go to http://www.ksu.edu/cns/forms/notspam.html
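The real-time check from question 1 and the rejection messages quoted above, as an added example that is not K-State's own code. It assumes the lists are queried over DNS under the public zone names bl.spamcop.net and sbl.spamhaus.org (the page does not say which zones K-State queries); the function names and the sample answers are constructed for illustration.

```python
import ipaddress
import socket

# Assumed zone names; the page names the lists but not the DNS zones queried.
SPAMCOP_ZONE = "bl.spamcop.net"
SPAMHAUS_ZONE = "sbl.spamhaus.org"

# Rejection texts as quoted on the page ({ip} stands in for YYY.YYY.YYY.YYY).
REJECT_TEXT = {
    SPAMCOP_ZONE: "Your mail was marked as spam and blocked, see: "
                  "http://spamcop.net/bl.shtml?{ip}",
    SPAMHAUS_ZONE: "Your mail was marked as spam and blocked, see: "
                   "http://www.spamhaus.org/SBL/",
}


def query_name(client_ip, zone):
    """DNSBL convention: reverse the IPv4 octets and append the list's zone."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def system_resolver(name):
    """Return the A record, or None if the name does not resolve (fail open)."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def is_listed(answer):
    """Listed only if the answer is in 127.0.0.0/8 and is not an error code."""
    if answer is None:
        return False
    addr = ipaddress.IPv4Address(answer)
    if addr in ipaddress.ip_network("127.255.255.0/24"):
        return False  # Spamhaus documents 127.255.255.x as query errors
    return addr in ipaddress.ip_network("127.0.0.0/8")


def check_sender(client_ip, resolver=system_resolver):
    """Return the rejection text for the first list holding the IP, else None."""
    for zone, text in REJECT_TEXT.items():
        if is_listed(resolver(query_name(client_ip, zone))):
            return text.format(ip=client_ip)
    return None


# Constructed answers for an offline run (192.0.2.0/24 is documentation space).
SAMPLE_DNS = {"10.2.0.192.bl.spamcop.net": "127.0.0.2",
              "11.2.0.192.sbl.spamhaus.org": "127.255.255.254"}
```

Passing `SAMPLE_DNS.get` as the resolver runs the check without network access. The second sample entry shows why an error-range answer must not be read as a listing: treating it as one would block mail from every sender.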
5. Why is valid e-mail being blocked by an RBL?
As mentioned above, the RBLs do a tremendous amount of good for us that we can't do by ourselves. Let's look at an example to see why valid e-mail might be blocked by one of the RBLs we use: If my desktop PC gets a virus that sends thousands of pieces of spam out to the world, K-State will probably get listed on an RBL. Anyone who uses that RBL will reject e-mail coming from a K-State address until my machine is cleaned up and the RBL can be convinced that my machine won't send spam any more. This ensures that K-State has a vested interest in keeping K-State machines from sending spam, even though I may not know anything about my machine and the spam it's sending out. The bottom line is that the RBLs encourage K-State to do its best to make sure no spam comes from K-State addresses.
6. Can my site be added to K-State's accept list?
The short answer is no, and here's why. We get millions of pieces of e-mail each day, from thousands of different sites. We don't have enough people to investigate each of those sites that might want to be added to our accept list and then maintain it (a site that might be on our accept list today could get a virus tomorrow and start sending out spam - which we would accept because it's on our accept list). That's exactly why we started using the RBLs in the first place. And even if we had an accept list, it's too easy to forge that address so we end up accepting e-mail from a spammer that forges addresses on our accept list.
7. Where can I get more information about the RBLs K-State uses?
For more information about SpamCop, see: http://spamcop.net
See the Spamhaus FAQs at: http://www.spamhaus.org/sbl/sbl-faqs.lasso
To see our internal RBL form, see: http://www.ksu.edu/cns/forms/notspam.html