Very Inadequate Spam Protection, Serious flaws apparently in the way that spam is being flagged. Options

[mvandemar]

Note: I am not a Movable Type customer, I am speaking as a normal netizen trying to interact with people who own Movable Type blogs.

Apparently the current spam protection module being used by MT, SpamLookup, has some serious design flaws in it. It is incorrectly querying the IP lookups, and somehow adding domain names to it's own global database (bsb.spamlookup.net), with no information being given out as to what criteria was use to add them, and no way whatsoever to remove them.

It is not enough to have a great success rate at blocking spam... at least a moderate amount of effort should honestly be made in order to allow legitimate commenting to occur. Wouldn't you agree?

-Michael

[Rts]

yeah, i haven't reached the pt where my blog is spammed yet, but yeah the spam problem has been a big issue for mt from all the reviews that i read.

i think they're aware of it (or they should be), but perhaps it's out of their resource/power for now, we'll see how they approach that in mt4.

[mvandemar]

yeah, i haven't reached the pt where my blog is spammed yet, but yeah the spam problem has been a big issue for mt from all the reviews that i read.

I'm not being spammed, I'm being unfairly blocked from participating in certain communities because they are incorrectly querying a public database. As of yet they are refusing (the only one who has responded was Sarah, and that was to tell me to post it here, she has yet to actually address the issue) to do anything about it.

After the incorrect query, they added one of my domains to another of their databases, informing all MT owners that it was an domain not to be trusted. They give no information whatsoever as to why it got added or how to remove it. This is completely unacceptable.

Why won't anyone from SixApart respond to this?

-Michael

This post has been edited by mvandemar: Jun 13 2007, 10:54 PM

[OtherNiceMan]

Well the SpamLookup plugin does not maintain a database (from what I understand from the readme files), instead it uses some public databases (bsb.empty.us and opm.blitzed.org by default), you would need to contact them if your domain is showing as a spam domain.

There are also a number of Spam blocking solution, have you confirmed that the blog is using the SpamLookup plugin and not some other Askimet for example?

This post has been edited by OtherNiceMan: Jun 14 2007, 10:39 AM

[mvandemar]

Well the SpamLookup plugin does not maintain a database (from what I understand from the readme files), instead it uses some public databases (bsb.empty.us and opm.blitzed.org by default), you would need to contact them if your domain is showing as a spam domain.

There are also a number of Spam blocking solution, have you confirmed that the blog is using the SpamLookup plugin and not some other Askimet for example?

Yes, I confirmed... here is what was returned:

SpamLookup IP Lookup
72.185.112.76 found on service zen.spamhaus.org
SpamLookup Domain Lookup
domain 'blogsblogsblogs.com' found on service bsb.spamlookup.net

First, I checked Spamhaus. Apparently SpamLookup is querying the wrong database there. When you query with my home IP, which is a dynamic IP assigned by Roadrunner, you get this:

72.185.112.76 is not listed in the SBL
72.185.112.76 is listed in the PBL, in the following records:
PBL138221
72.185.112.76 is not listed in the XBL

The important bit is that it is NOT listed in the Spam Block List nor the Exploit Block List. Where it does come up is the Policy Block List. What the PBL states is this:

This IP range has been identified by Spamhaus as not meeting our policy for IPs which should deliver 'direct-to-mx' mail to PBL users.

What this states basically is that if I send mail from this IP address, I need to turn on "SMTP Authentication" in my email software settings. It happens to be on. SpamLookup, however, will never know this, since this entry can only ever be verified against emails and has NOTHING to do with any other kind of web based activity whatsoever.

Now, near as I can tell, since they performed this incorrect query, they then decided to add the domain that I was posting with to another database, bsb.spamlookup.net. No, the fact that the domain name for that database happens to match the name of the plugin is not a coincidence. It is a database that was created specifically for the plugin. There is no information being given out on this database whatsoever, but it is being used to report on someones reputation.

So essentially it automatically doubled my spam score after the first time I tried to post, pushing me below even the whitelist threshold from what I was told.

Assigning arbitrary labels like this is negligence, pure and simple, and they seriously need to fix this. How the hell they can think this doesn't need to be addressed is beyond me. This is a commercial product, and they should realize the liabilities of what is happening.

-Michael

[OtherNiceMan]

One of the problems is you are using a dynamic IP address from an ISP that spamhaus has had a large number of spam reports about users of the ISP (unsecure machines acting as spam relays etc) so SpamHaus has decided to mark everyone on the ISP as suspect as a shortcut.

If SpamLookup is querying the wrong database then that is an end user configuration issue (users can enter in there own spam notification servers).

[mvandemar]

One of the problems is you are using a dynamic IP address from an ISP that spamhaus has had a large number of spam reports about users of the ISP (unsecure machines acting as spam relays etc) so SpamHaus has decided to mark everyone on the ISP as suspect as a shortcut.

It's not the case here though, the ISP was not marked as suspect.

If SpamLookup is querying the wrong database then that is an end user configuration issue (users can enter in there own spam notification servers).

No, it isn't. If it's doing it by default then it is an issue with the software itself.

-Michael