Postini And The On-Again, Off-Again Spam List

The message security company briefly found itself on the Spamhaus Project's block list after a recent e-mail campaign, resurrecting the debate over DNSBLs.
Posted November 15, 2005

Jim Wagner

Anti-spam vendor Postini has looked at spam from both sides now.

The Spamhaus Project, a popular U.K.-based organization that maintains a database of spamming activity, placed two of the San Carlos, Calif., company's IP addresses on its Spamhaus Block List (SBL) recently after receiving numerous complaints of unsolicited e-mail from the company.

While the IP addresses were removed from the list the following day, the brief listing highlights the tensions that exist between the different entities that make up the anti-spam community.

Andrew Lochart, senior director of marketing at Postini, said the episode with Spamhaus is a tempest in a teapot. He said the incident demonstrates how real-time blackhole lists (RBL) are a failed technology. Someone, he said, received a legitimate opt-in e-mail and had mistakenly labeled it spam, which led to the temporary listing.

Lochart said the company does generate its e-mail address list from interested people at events like trade shows or through forms on its Web site, but doesn't go out and get e-mail addresses illegitimately.

"We don't go out buying lists, these are people that volunteer their information to us," he said. "Every e-mail in our database that we send e-mail to comes to us that way and, unfortunately, the nature of the beast is people very often forget that they've done that."

The SBL is a DNS-based Blackhole List (DNSBL), a controversial method for ISPs and e-mail server administrators to reduce the amount of spam that hits their servers. The term is commonly referred to as an RBL. The first DNSBL created by the Mail Abuse Prevention System (MAPS) was in the mid-1990s.

A DNSBL contains a list of IP addresses coming from spam operations. This list can then be accessed by e-mail administrators who subscribe to the service and use it to reject or flag any incoming messages from the IP addresses listed.

Postini's inclusion on the SBL wasn't a case of people forgetting they opted into Postini's e-mail list, contends Steve Linford, Spamhaus CEO. Spamhaus received quite a few complaints, he said, from reliable well-known sources like ISP system administrators and postmasters who said Postini was sending them unsolicited advertisements.

"Postini is not a spam outfit by any stretch and we certainly don't want a Postini IP address on the SBL," he wrote in an e-mail interview. "We intended the brief listing to be a simple jolt to stress that spam is against our policy and that we are expected by the community to enforce our policy."

A DNSBL can be a very effective method to cut down on the amount of spam. A popular list like Spamhaus' SBL can stop a large amount of spam from hitting e-mail user inboxes. According to the Spamhaus Web site, the SBL is protecting more than 427 million users around the world.

The method has frustrated some members of the businesses world for years, primarily because of the number of false positives that accompany DNSBLs. Web hosters know that the inclusion of their IP addresses on an DNSBL can shut down all its customers, not just the spammer who prompted the block in the first place. On the other hand, the e-mail marketers and e-mail list managers who deliver legitimate opt-in messages have found themselves on a DNSBL after getting a complaint.

Critics say the subjective nature of some DNSBLs make it a flawed mechanism. Competitors can conceivably put rivals on the list to shut them out, or people who forgot or unknowingly opted into an e-mail marketing list can add the IP address to the DNSBL.

This article was first published on To read the full article, click here.

Comment and Contribute


(Maximum characters: 1200). You have characters left.