Why Blacklists Don't Stop Spam

How many news stories do you read that are like this? These blacklist wars can last forever. One company complains about spam coming from a certain IP range, blocks it and tells the owner of the offending IP blocks to clean up its act. Meanwhile, the spammers who have been utilizing those IPs to send spam have moved on to a new IP address and are continuing to send.

Folks, blacklists don't work for exactly the reason I just gave. As soon as a spammer's IP is blocked, he gets a new one and continues to send. Meanwhile, the poor guy who inherits that IP from a spammer quickly finds that he's on a blacklist and can't get legitimate email delivered. Occasionally, you'll see a drastic action like the one in the article I linked above - an entire ISP or even a whole country gets blacklisted and IT folks and legit ISP customers are left holding the bag.

I see this in action practically every day. My blog contains a comments field that readers can use to provide me with feedback on the stories I post. With alarming frequency, spammers visit my blog and leave comments with links back to their site (that almost invariably sells "male enhancement" pills) in an attempt to get some no-cost traffic and boost their number of inbound links, thus pumping up their search engine juice.



My blog software also has an IP banning function. If someone leaves "comment spam," I can essentially flip a switch that prevents users of a certain IP from posting future comments to the site. This is an almost perfect microcosm of email blacklists. As soon as I ban a specific IP, the comment spammer comes back with a different IP address and posts the same message again.

Recycling one's IP address is a simple thing to do. If your home computer runs Windows XP and your ISP uses DHCP to allocate IP addresses, you can open a command prompt from "Accessories" under "All Programs" in the Start Menu. Type "ipconfig /release" at the prompt to release your current IP address. Wait a couple of minutes and then type "ipconfig /renew" and you should have a new IP. Someone else will eventually inherit your old IP address.

Spammers use similar tactics to mask their identities. (They also look for open relays and vulnerable mail scripts on web servers all over the Internet, which helps them remain tough, if not impossible, to track down.) Can you see why banning specific IP addresses or IP blocks is a silly strategy?

Personally, I think an effective spam-combating technique lies in P2P technologies like those used in Cloudmark's SpamNet. This product essentially creates a peer-to-peer community of spam fighters. When one member identifies a message as spam, the message is filtered out of the inboxes of the rest of the community. Sure, it's not perfect, but it's better than inconveniencing legitimate Internet users who might use the same ISP as a spammer.
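To make the comparison concrete, here is an added example (not part of the original post, and not Cloudmark's algorithm) that runs an IP ban list and a community-shared content fingerprint list over the same constructed comments. The class names, the fingerprint scheme (an exact SHA-256 of normalized text) and the sample data are assumptions chosen for illustration.

```python
import hashlib
import re

def fingerprint(text):
    """Hash of the text after lowercasing and collapsing punctuation/whitespace."""
    norm = re.sub(r"[^a-z0-9]+", " ", text.lower()).strip()
    return hashlib.sha256(norm.encode("utf-8")).hexdigest()

class IPBanList:
    """Models the blog's IP banning switch: a report bans the sender's address."""
    def __init__(self):
        self.banned = set()
    def report(self, comment):
        self.banned.add(comment["ip"])
    def blocks(self, comment):
        return comment["ip"] in self.banned

class SharedFingerprintList:
    """Simplified stand-in for community filtering: a report bans the message itself."""
    def __init__(self):
        self.reported = set()
    def report(self, comment):
        self.reported.add(fingerprint(comment["text"]))
    def blocks(self, comment):
        return fingerprint(comment["text"]) in self.reported

# Constructed sample data (documentation-range IPs, example domain).
COMMENTS = [
    # First spam comment; one reader reports it.
    {"ip": "203.0.113.7", "text": "Great pills!! Visit http://pills.example/ now", "spam": True},
    # Same message again after the spammer picked up a new address.
    {"ip": "198.51.100.23", "text": "great pills - visit http://pills.example/ NOW", "spam": True},
    # Legitimate reader who later inherited the spammer's old address.
    {"ip": "203.0.113.7", "text": "Thanks, this post cleared up DHCP for me.", "spam": False},
]

def evaluate(spam_filter):
    """Report the first comment, then return (missed_spam, blocked_legit) for the rest."""
    spam_filter.report(COMMENTS[0])
    later = COMMENTS[1:]
    missed = sum(1 for c in later if c["spam"] and not spam_filter.blocks(c))
    blocked_legit = sum(1 for c in later if not c["spam"] and spam_filter.blocks(c))
    return missed, blocked_legit

if __name__ == "__main__":
    print("IP ban list (missed, blocked legit):", evaluate(IPBanList()))
    print("Shared fingerprints (missed, blocked legit):", evaluate(SharedFingerprintList()))
```

The exact hash here only matches repeats that normalize to the same text, which is part of why the approach is "not perfect."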

Blacklists have blocked plenty of legitimate email traffic. Let's end this practice and work toward developing a new infrastructure for email that won't allow for such easy exploitation of its flaws.
