A Friendly Conversation with Tom from TRBL
TRBL (http://www.trblspam.com/) is a new DNS-queryable IPv4 blocklist which is already getting some positive attention in the anti-spam community. We asked Tom, who created TRBL, some questions via email in order to find out more about the project and his intentions.
RP: Is Tom your real name? What’s your background?
Tom: It is not the exact name on my birth certificate, no. But that’s true of most of us, isn’t it? Nicknames, shorthand, pseudonyms, it’s part of life on the internet. I chose not to post my full name, to keep a bit of distance between my day job and my “evenings & weekends” hobby of running an anti-spam blocklist. I don’t want to talk about TRBL at work. I’m not really that anonymous, though. If somebody needs to sue me, I’m still easy enough to find.
My background? Mostly email-related jobs, system administrator jobs. A bit of web development and web design. Lots of other random things, too, that have nothing to do with running a blocklist.
RP: Why start a new DNSBL?
Tom: I used to own an ISP, so I have a large number of retired email addresses and domains that get nothing but the “worst of the worst” kinds of spam. My spamtraps get around 750,000 spam messages a month, with a bit of variation depending on what botnets are up or down this week. By some standards, that’s not a lot of spam. But by mine, that’s a lot. And I wanted to do something with it all. So I created TRBL to share that data in a way that can help other people reduce the amount of spam they have to deal with.
I’ve helped out on other DNSBLs before, so this isn’t new territory for me. I’ve also watched other people run their own DNSBLs for many years. Some DNSBL operators implode, crushed under the weight of their own hubris. It’s painful to watch. It’s harmful to the broad industry goals of reducing and limiting spam. I want to try to be low key and easy about how mine works, to avoid all of that.
Also, I saw somebody sell a controversial, not-so-widely-loved blacklist for rather a significant amount of money recently. I know I can build and run a block list better than she can, so maybe there’s somebody out there willing to pay me at least half as much for something definitely twice as good.
RP: There’s a lot of FUD out there about spam traps, especially in email marketing circles. I tried to assuage some of that in an article last year, but I’m not sure it helped. What type of spam traps does TRBL use? What type(s) of spam are you trying to catch?
Tom: These are mostly my old ISP domains that get nothing but 100% pure spam. There are additional addresses, some of which I had given to legitimate companies, but had leaked to spammers. In those cases, I unsubscribed from the original company’s messages, then redirected any future mail into the blocklist. Some other of the addresses are ones that I embedded on various websites, and were harvested by spammers. I’ve even got some addresses that were involved in an ESP’s data breach from a year ago. So, the sources vary, but I think that overall, these spamtraps are very unlikely to catch regular companies sending regular mail. Also, if somehow, a legitimate company ends up listed, it’s not like an anvil drops on their head. They can notify me about it or remove the listing. I’m happy to work with companies like ESPs to show them which client caused a listing.
I was grateful to find your article on spamtraps. Spamtrap best practice documentation is nearly non-existent. Everybody has their own definition that they have developed in a vacuum. And some people have a really bad definition of what constitutes a spamtrap. The spam stopping industry needs to educate itself, and develop a common definition of spamtrap that both catches as much spam as possible, but doesn’t ensnare legitimate companies, or come saddled with legal liability. Here’s a hint. If you gave me an address, then fed the mail I sent you into a blocklist, and call that a spamtrap? That’s not a spamtrap, that’s a lawsuit waiting to happen.
RP: What’s your general philosophy regarding spam, and how is that philosophy implemented in how TRBL operates?
Tom: Unlike some other blocklist maintainers, I don’t want to be a bombastic flashpoint for heated debate. It’s simple. It’s spam. I find the spam, I add the spamming IP to my list, the spam gets blocked. I’ve debated in the past with spammers who think I’m calling them a bad guy. “I’m not really a bad guy,” they’re all very quick to tell me. I agree. You’re not bad guys. This isn’t a list of bad guys. It’s a list of IP addresses that have sent spam. It’s a simple, binary measure. You send spam to the spamtraps, your IP address shows up on the list. So from that perspective, I’m simply not willing to argue with people about how they’re being unfairly targeted, because they are not. I am not calling them anything at all.
On the other side of the coin, I’m not willing to “die on the cross” over a specific single listing. There is always more spam. My time is too valuable to argue with somebody about a listing. If they want their specific listing removed, they’re free to remove it. A lot of the hatred aimed at a particular other DNSBL was due to their weird de-listing policies, asking for money (“donations”), taking weeks or months to respond to emails, getting into fights with people who got listed. It hurt the blocklist’s credibility. They made a lot of enemies. My goal is to be the gallant to their goofus. I hope I’m able to succeed and avoid that wasteful, personality conflict-driven mentality.
RP: So email marketers don’t need to be scared of TRBL?
Tom: Heck no. Marketers should be scared of IP reputation and engagement metrics. A TRBL listing doesn’t get you blocked at Yahoo. Failure to follow best practices gets you blocked. Maybe it also gets you listed on TRBL, but your issue is not the TRBL listing — your issue is your poor reputation. That’s not TRBL’s fault.
RP: Who is using TRBL in filtering decisions today?
Tom: I feel like that would be kiss-and-tell, so I must decline to give specific usage data. Certainly, TRBL is quite new, so its usage footprint is much smaller than the usage footprint of other, more established blocklists. Senders will have to keep an eye out for their own bounces and measure for themselves where a listing is going to cause an email message to be rejected or filtered.
RP: Who would you like to see using TRBL?
Tom: TRBL’s intended audience is made up of mail server administrators at companies and ISPs who need another reputation data point to help better decide which bad mail to filter or reject. I think TRBL is a fairly safe blocking list, in that I have lots of whitelisting in place to try to prevent listings of legitimate ISP mail servers. And these spamtraps are so entirely “pure spam” from what I can tell, that I don’t think you’re going to accidentally reject tons of wanted mail if you block mail from IP addresses listed on TRBL.
RP: What’s the technology behind TRBL?
Tom: I was going to build it on Spamikaze, a common blocklist engine that can be fed by spamtraps, but I ended up wanting to customize it too much. So, it is lovingly crafted out of custom Perl and PHP, and it runs on an old, tiny, slow 1.6 GHz Atom server that lives under my desk in my home office.
RP: Who pays for it?
Tom: People will pay for TRBL? I’ll send you an address they can mail the checks to. No, seriously, right now, TRBL survives with a bit of purchased bandwidth, a bit of donated bandwidth, and all of my free time. It’s a small amount investment toward the greater reward I am entirely unlikely to ever receive.
Spammers are quick to call anti-spammers “anti-commerce e-radicals” so they might be surprised to find out that I’m a capitalist and would love to be able to sell TRBL to a anti-virus, security or reputation-related company at some point. I’d love to go down that path with the hope that very broad usage of TRBL follows. That’s the long term goal.
RP: Is “TRBL” pronounced more like “trouble” or “terrible”?
Tom: I’ve been calling it TER-BULL, sort of rhyming with “turbo,” rhyming with SURBL and URIBL. But the similarity to “trouble” or “terrible” in the abbreviation was intentional, and I think it’s a fun name.
RP: Is there anything else you’d like to share with our readers?
Tom: Yeah. There is so much spam out there. Tons. Don’t make it worse. Don’t emulate bad behavior you observe. Just because somebody else does something stupid, doesn’t mean you should do it, too. Be better than that. Nobody ever won by looking at what all the idiots around them are doing and saying, “I will emulate that exactly, just because those guys are doing it.” Because somebody got away with something stupid and got a piece of spam to your inbox doesn’t mean they have discovered a long-term business model. You see that email get through, but you don’t see the follow-up blocking and blacklisting.
And finally, remember that this is just email. It’s not FedEx or UPS. Delivery is not guaranteed. There is no such thing as an email emergency. Email is not the path the ambulance takes to get from your home to the hospital. There’s also no such thing as a “legally required” email. Email is a privilege, not a right. Keep in mind that big ISPs are struggling under the load of billions of unwanted spam messages every day. If your one little email blast got blocked, and you decide to threaten to sue, remember that ISPs and blocklist operators A. have heard it all before and B. they well understand what Section 230 of the Communications Decency Act says. Honey (and best practices) will get you more flies than vinegar.
RP: Thanks, Tom.