Re: Fwd: [mailop] SORBS Closing.

2024-06-05 Thread Rob McEwen via users
ction just because some IP address was resolved by the query. (I think any built-in/default SpamAssassin rules for SORBS - already does all of this correctly.) Rob McEwen, invaluement

Re: replay RBL queries one hour later

2023-02-26 Thread Rob McEwen
/updated. But whatever the cause, this is STILL a reality that's worth noting, for anyone who is rescanning messages later. Rob McEwen, invaluement -- Original Message -- From "Benny Pedersen" To users@spamassassin.apache.org Date 2/26/2023 1:37:53 PM Subject Re: rep

Re: replay RBL queries one hour later

2023-02-26 Thread Rob McEwen
positives. But doing this "one hour later" shouldn't have this problem. Rob McEwen, invaluement

Re: May I get to 0 phishing?

2023-02-21 Thread Rob McEwen
en the message was originally sent - is what's now causing this chain reaction. It's highly doubtful that this rule would have hit at the time the message was received. --Rob McEwen, invaluement -- Original Message -- From "Rob McEwen" To users@spamassassin.a

Re: May I get to 0 phishing?

2023-02-21 Thread Rob McEwen
the fact that these are sent from PayPal servers that also send a MASSIVE amount of legit and transactional emails, including from this actual same IP. For example, in the past 24 hours, my small-ish mail hosting system has 6 legit not-spam PayPal notifications sent from this SAME ip address - all 6

Re: May I get to 0 phishing?

2023-02-21 Thread Rob McEwen
s a phish as well as a fraud. (PayPal should have done better customer vetting on the front end!) Rob McEwen, invaluement -- Original Message -- From "hg user" To "Rob McEwen" Cc users@spamassassin.apache.org Date 2/21/2023 3:10:35 PM Subject Re: May I get to 0 p

Re: May I get to 0 phishing?

2023-02-21 Thread Rob McEwen
hat can be made for minimizing the number of phish that get into the inbox. It's a constant battle! Rob McEwen, invaluement -- Original Message -- From "Bill Cole" To users@spamassassin.apache.org Date 2/21/2023 2:11:02 PM Subject Re: May I get to 0 phishing? On 2023-

Re[2]: URIDNSBL full message checking

2023-02-06 Thread Rob McEwen
out being sure it really is them and not a forged domain. I hope this helps! Rob McEwen, invaluement

Re: Seeking dhl.com ham samples

2022-08-03 Thread Rob McEwen
at they've since stopped using that particular domain name? --Rob McEwen On 8/2/2022 10:50 AM, Bill Cole wrote: Bug 8021 reports breakage in SPF checking for dhl.com mail, due to an inability to resolve the SPF TXT record for dhl.com. That breakage is essentially due to DHL having far too m

rules for a sneaky SPEAR-VIRUS spam that gets past bayes

2022-03-03 Thread Rob McEwen
ation of this, if desired - along with any suggested improvements) -- Rob McEwen, invaluement

Re: Do these domains merit blocking?

2021-12-15 Thread Rob McEwen
t additions to invaluement's URI/domain bl sometime this week, when I get some more time. (I'm in the middle of some intense upgrades, so I barely had time to type this message.) -- Rob McEwen, invaluement

Re: OT: is sorbs.net sleeping ?

2021-04-10 Thread Rob McEwen
queries answered much faster due to accessing an invaluement DNS server with an extremely close geolocation. Queries then tend to get answered in a very low number of milliseconds - often <10ms. -- Rob McEwen https://www.invaluement.com +1 (478) 475-9032

Re: OT: is sorbs.net sleeping ?

2021-04-09 Thread Rob McEwen
- I'm just trying to clarify that overly judging a DNSBL based on /*particular*/ false negatives can be overly harsh and might miss the good things that a DNSBL has to offer) -- Rob McEwen, invaluement +1 (478) 475-9032

Re: Bypass RBL checks for specific address

2020-12-22 Thread Rob McEwen
and point you in the right direction. If someone comes along and corrects my possible mistakes, or provides BETTER info - that is excellent - in the meantime, hopefully this will point you in the right direction, or give you some ideas. -- Rob McEwen, invaluement

Re: Mailchimp support for spamassassin-esp

2020-12-01 Thread Rob McEwen
anks for your patience and understanding. -- Rob McEwen https://www.invaluement.com

Re: Apache SpamAssassin and Spammers 1st Amendment Rights

2020-11-20 Thread Rob McEwen
that are blocked by spam filters and/or listed on anti-spam lists - were already CAN-SPAM compliant. Being *legal* is a very low bar for email, especially in the U.S. -- Rob McEwen, invaluement

Re: Apache SpamAssassin and Spammers 1st Amendment Rights

2020-11-20 Thread Rob McEwen
ir spam is justified by THEIR "greater good". Thankfully, it isn't my job to determine who is justified and, instead, I believe that NONE of them are justified in sending spam - spam is about *consent* - NOT *content*. -- Rob McEwen, invaluement

Re: Crap getting through

2020-11-08 Thread Rob McEwen
estions without having the raw underlying text of the message (w/headers). But please try to avoid pasting that directly to this list. Thanks! Rob McEwen On 11/8/2020 5:00 PM, Daryl Rose wrote: I'm getting obvious phishing attempts. This one was made to look like it was from Wells Fargo wit

Re: Invaluement sendgrid list

2020-10-13 Thread Rob McEwen
s for the feedback - and feel free to continue this conversation off-list since the SA list isn't supposed to be the invaluement support list. (or, email me at any time about such things - r...@invaluement.com) - Thanks! Rob McEwen, invaluement.com On 10/13/2020 12:56 PM, micah anderson wrot

Re: blacklisting the likes of sendgrid, mailgun, mailchimp etc.

2020-09-18 Thread Rob McEwen
ting caught - and the time from such a spam being first received - to that data getting into the list - has improved from about 1/2 a minute, to just a few seconds! -- Rob McEwen invaluement.com

Re: ANNOUNCEMENT: The NEW invaluement "Service Provider DNSBLs" - 1st one for Sendgrid-spams!

2020-08-25 Thread Rob McEwen
On 8/25/2020 11:04 PM, John Hardin wrote: I just wrote something similar to generate a rule, in case for some reason you don't want to use a plugin. Let me know if there's any interest in it. yes - please share! -- Rob McEwen https://www.invaluement.com +1 (478) 475-9032

Re: ANNOUNCEMENT: The NEW invaluement "Service Provider DNSBLs" - 1st one for Sendgrid-spams!

2020-08-25 Thread Rob McEwen
ate set of files for Postfix that are pre-formatted this way already? Thanks! Rob McEwen, invaluement.com On 8/25/2020 2:26 PM, John Capo wrote: On 2020-08-25 11:42, Matus UHLAR - fantomas wrote: well, do we have anything available now to block at SMTP level? - postfix policy server? - mi

Re: ANNOUNCEMENT: The NEW invaluement "Service Provider DNSBLs" - 1st one for Sendgrid-spams!

2020-08-25 Thread Rob McEwen
a turnaround. But ClamAv rules may still be a good way to get this implemented for many. Someone else mentioned one that was completely off of our radar - but we're about to double the coverage of these in terms of mailboxes and traps used for this purpose - so that will help further minimiz

Re: ANNOUNCEMENT: The NEW invaluement "Service Provider DNSBLs" - 1st one for Sendgrid-spams!

2020-08-25 Thread Rob McEwen
On 8/25/2020 1:20 PM, Rob McEwen wrote: but I can do everything, at least not all at once *can't do -- Rob McEwen https://www.invaluement.com

Re: ANNOUNCEMENT: The NEW invaluement "Service Provider DNSBLs" - 1st one for Sendgrid-spams!

2020-08-25 Thread Rob McEwen
on't enable usage of this will be left behind. PRO TIP: Instead of complaining about this problem on this thread - why not go to the discussion list or forum of your preferred MTA - and ask them to implement it? -- Rob McEwen https://www.invaluement.com +1 (478) 475-9032

Re: ANNOUNCEMENT: The NEW invaluement "Service Provider DNSBLs" - 1st one for Sendgrid-spams!

2020-08-22 Thread Rob McEwen
own in that silly whack-a-mole game. Don't get me wrong - Pyzor and other such checksum content filters - are wonderful and have their place - but thinking that they remove the need for this Sendgrid list - is absolutely not even close to true. -- Rob McEwen https://www.invaluement.com +1 (478) 475-9032

ANNOUNCEMENT: The NEW invaluement "Service Provider DNSBLs" - 1st one for Sendgrid-spams!

2020-08-21 Thread Rob McEwen
sender - is also being targeted - first with the absolute worst - and then progressing to other offenders as we make adjustments in the coming weeks. -- Rob McEwen https://www.invaluement.com

Re: Bombard by spam source in India that wasn't in any RBL used by spamassassin.

2019-11-06 Thread Rob McEwen
fwiw - this has been blacklisted at invaluement for days. --Rob McEwen, invaluement.com On 11/6/2019 2:33 PM, Mark London wrote: Hi - We got several hours of spam from the IP address 103.136.41.36 in India. When I did a Multi-RBL check, the ip address was in the following databases

announcement about invaluement (or more like a tease?)

2019-08-25 Thread Rob McEwen
announcement about invaluement (or more like a tease?) https://www.linkedin.com/feed/update/urn:li:activity:6571558988201148416/ -- Rob McEwen https://www.invaluement.com +1 (478) 475-9032

HostKarma status (was Re: How to block mails from unknown ip addresses?)

2019-08-24 Thread Rob McEwen
urvive for the long term. -- Rob McEwen https://www.invaluement.com

Re: Freshclam Safebrowsing enabled for SA

2019-04-23 Thread Rob McEwen
this so others will be aware and know what to look for when testing this. -- Rob McEwen

Re: How to deel with time limit exceeded

2018-11-05 Thread Rob McEwen
Another thing that helps - is to lighten the load on your SA by putting high quality low-FP DNSBLs in front of SA, that are first called by your MTA, where spams blocked by those aren't even scanned by SA. --Rob McEwen On 11/5/2018 2:48 PM, Andreas Thienemann wrote: Hi, I

Re: FPs on FORGED_MUA_MOZILLA (for my own hand-typed messages from my latest-version Thunderbird)

2018-10-03 Thread Rob McEwen
_MSGID || __SYMPATICO_MSGID) I really don't think I've done anything unusual with my setup of Thunderbird. Does anyone have other suggestions? Is there anything I can do with my Thunderbird settings to mitigate this? Thanks! -- Rob McEwen https://www.invaluement.com +1 (478) 475-9032

Re: FPs on FORGED_MUA_MOZILLA (for my own hand-typed messages from my latest-version Thunderbird)

2018-10-02 Thread Rob McEwen
Bill, Even though this part wasn't the main purpose of the thread, that is still very helpful information. I will pass that along to my client so that they can hopefully fix their configuration problem with regards to their usage of URIBL. Thanks! Rob McEwen Sent from my Verizon Mot

Re: FPs on FORGED_MUA_MOZILLA (for my own hand-typed messages from my latest-version Thunderbird)

2018-10-02 Thread Rob McEwen
y Thunderbird "sent" folder: References: <55521fa7.8080...@invaluement.com> <7c8ad385-8b3d-74d9-7d34-ca2ca9236...@invaluement.com> <1b8ad5ec-18b7-90db-5cad-d86ffa5aa...@invaluement.com> Message-ID: <39397904-9830-5010-a3d2-a62af8326...@inva

FPs on FORGED_MUA_MOZILLA (for my own hand-typed messages from my latest-version Thunderbird)

2018-10-02 Thread Rob McEwen
main my message that was blacklisted on URIBL - so I can't explain the "URIBL_BLOCKED", but that only scored 0.001, so that was innocuous. I suspect that that rule is malfunctioning on their end, and then they changed the score to .001 - so just please ignore that for the purpose

Re: using URIBL on other headers

2018-09-23 Thread Rob McEwen
s collateral damage to a minimum, and without compromises that lead to more false negatives. ivmSED has just recently entered beta testing. (SED = "Sender's Envelope Domain"). -- Rob McEwen https://www.invaluement.com

Re: DNS and RBL problems

2018-09-14 Thread Rob McEwen
to see if this is causing your problem? -- Rob McEwen https://www.invaluement.com

Re: CVE-2018-12558: DOS in perl module Email::Address

2018-06-20 Thread Rob McEwen
On 6/20/2018 1:30 PM, Bill Cole wrote: http://www.openwall.com/lists/oss-security/2018/06/19/3 SpamAssassin does not use Email::Address. Thanks, Bill, for clarifying that. I've been concerned about this for hours - but too busy today to research it myself. -- Rob McEwen

Re: OT: Congratulations Dianne

2018-04-03 Thread Rob McEwen
On 4/3/2018 1:18 PM, Axb wrote: AppRiver Acquires Roaring Penguin https://globenewswire.com/news-release/2018/03/26/1453063/0/en/AppRiver-Acquires-Roaring-Penguin.html Excellent! Dianne, I hope you benefited greatly in this acquisition! -- Rob McEwen https://www.invaluement.com

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

2018-04-03 Thread Rob McEwen
- before the MD5 is calculated. Otherwise, it could easily break if the spammer just mixes up the capitalization of the shortner URL up until the code at the end of the shortner. -- Rob McEwen https://www.invaluement.com

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

2018-04-01 Thread Rob McEwen
them... might have helped? Or maybe that was just "one straw that broke the camel's back"? Either way, I'm happy that this seems to be getting fixed, or they are at least headed in the right direction. -- Rob McEwen https://www.invaluement.com +1 (478) 475-9032

Re: sneaky spams w/zipped URL file, easily caught by "Thread-Index"

2018-03-27 Thread Rob McEwen
k or score high on ClamAv, that MIGHT present a problem. On the other hand, maybe Sanesecurity is just being overly cautious (or considering more theoretical FNs?), and such actual FPs in real world mail flow are actually extremely rare? Any Thoughts? Anyone know? -- Rob McEwen https://www.invaluement.com

sneaky spams w/zipped URL file, easily caught by "Thread-Index"

2018-03-27 Thread Rob McEwen
another non-SA part of my anti-spam system, but the rule might help others here. There are also other attributes that could become an SA rule that would cause a hit even if the Thread-Index changed, but that will require a little bit more effort. -- Rob McEwen https://www.invaluement.com

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

2018-03-15 Thread Rob McEwen
should help me (and others) much... and it is good to know that there is a proper way to do this at a higher volume that meets Google's approval. -- Rob McEwen https://www.invaluement.com

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

2018-03-14 Thread Rob McEwen
On 2/20/2018 9:42 PM, Rob McEwen wrote: Google might easily start putting captchas in the way or otherwise consider such lookups to be abusive and/or mistake them for malicious bots... This prediction turned out to be 100% true. Even though others have mentioned that they have been able to

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

2018-03-10 Thread Rob McEwen
redirectors (shorteners), not each http->https shortener and only evaluates redirection between them, ignoring http->https redirects On 10.03.18 11:32, Rob McEwen wrote: But also keep in mind that it is NOT rare for the initial shortner found in a spam... to redirect to a spammer's page (t

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

2018-03-10 Thread Rob McEwen
r domains, checking ALL of them against URI/domain blacklists. (within reason... after too many redirects, it is better to just stop and add points to the spam score) -- Rob McEwen https://www.invaluement.com +1 (478) 475-9032

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

2018-03-10 Thread Rob McEwen
e SSL version. Therefore, if the code for this plugin (and others using this tactic) doesn't do this already... it should probably not count THAT particular redirect as a spam indicator, when counting the total number of redirects. -- Rob McEwen https://www.invaluement.com

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

2018-02-27 Thread Rob McEwen
hecks against blacklists. OFTEN - every single domain in that chain (past the initial URL shortner) is a compromised web site or spammer's website, not just the final destination web site. -- Rob McEwen https://www.invaluement.com

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

2018-02-21 Thread Rob McEwen
confusing things, someone answered things earlier in this thread, as follows: On 2/21/2018 11:27 AM, Alex wrote: This is what DecodeShortURLs is for https://github.com/smfreegard/DecodeShortURLs -- Rob McEwen https://www.invaluement.com +1 (478) 475-9032

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

2018-02-21 Thread Rob McEwen
to see widespread adoption by mail systems of a process where, in real time spam filtering, they check to see where URL shortners lead to, and then factor that destination into the spam filtering. -- Rob McEwen https://www.invaluement.com +1 (478) 475-9032

Re: Expanding shortened URLs (was Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response))

2018-02-21 Thread Rob McEwen
P, such as blocking all Zen-listed spams before DATA while another system might capture ALL messages and process them all. The latter is what my system does. That also might explain the difference in stats? -- Rob McEwen https://www.invaluement.com

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

2018-02-21 Thread Rob McEwen
ltering - again - doesn't alter my original point. The vast majority of anti-spam systems in the real world (1) don't (2) and won't any time soon. That is what I claimed. Please stop nitpicking and please stop arguing with a "straw man". -- Rob McEwen https://www.invaluement.com +1 (478) 475-9032

Re: Expanding shortened URLs (was Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response))

2018-02-21 Thread Rob McEwen
ickly shutting down their abused redirectors. I know this isn't easy, but there is definitely room for improvement. But my larger point in that overall post you quoted from, was my concern about one organization doing high volume lookups from a single server getting blocked or ca

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

2018-02-21 Thread Rob McEwen
e and software overnight... that could even take years, It's been part of our practice for about a year now. Excellent! I wish others would be as innovative and on top of things as you are! Unfortunately, your statement doesn't alter my point you were replying to, even one tiny bit.

Re: Expanding shortened URLs (was Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response))

2018-02-21 Thread Rob McEwen
e and automated lookups. That is a HUGE difference. -- Rob McEwen https://www.invaluement.com

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

2018-02-20 Thread Rob McEwen
eseeable future. So please don't think for a second that this somehow makes the plans I had described as unnecessary. -- Rob McEwen https://www.invaluement.com

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

2018-02-20 Thread Rob McEwen
my mouth and arguing against "straw men"? Also, I understand your very valid concerns about collateral damage. I've addressed that numerous times and in numerous ways, in numerous posts. This is getting tiresome. -- Rob McEwen https://www.invaluement.com

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

2018-02-20 Thread Rob McEwen
On 2/20/2018 6:05 PM, @lbutlr wrote: On 2018-02-20 (08:30 MST), Rob McEwen wrote: Spammers are starting to use this to evade spam filters, This is not news. Spammers have been using shortness since 3 seconds after tinyurl.com launched. My "this" was /*specifically*/ referring t

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

2018-02-20 Thread Rob McEwen
te concern that this crackdown might lead to collateral damage. That is admirable. But acceptance of a new and pervasive situation in email that anonymizes identity is a HUGE step backwards... like going back to the mid 2000s, or something. So some "push back" measures are exceedingly wa

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

2018-02-20 Thread Rob McEwen
On 2/20/2018 11:45 AM, Rob McEwen wrote: And we ALL have to constantly shift our tactics to deal with emerging realities like this one - or risk getting left behind by our competitors who do keep up. ALSO - Likewise, it was very frustrating that I had to spend hours late last night making

Re: The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

2018-02-20 Thread Rob McEwen
sible for this change to put a dent in our hard-earned low-FP reputation. But this COULD cause problems for some already dark-gray-hat ESPs who let this practice run rampant. -- Rob McEwen https://www.invaluement.com

The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

2018-02-20 Thread Rob McEwen
ose domains or IPs within those URLs to our ivmURI domain/URI blacklist. This might not cause other such messages to get blocked, but it will have other negative repercussions for other uses of that domain. -- Rob McEwen https://www.invaluement.com

Re: Blacklist for reply-to?

2018-02-18 Thread Rob McEwen
associated with this. Also, it is very high quality and well-run! It should at least make a noticeable improvement, even if it doesn't catch all of them.) -- Rob McEwen https://www.invaluement.com

Re: smtp.centurylink.net 206.152.134.66

2018-02-11 Thread Rob McEwen
s... for example, some of the more malicious links arrive at a page that tries to install a virus), add ".info" to the end of the google shortner URL and you can then see more info about the shortner, including its intended destination. For example, for this one: ht

potential new SA feature: Direct DNS Querying Per DNSBL Zone

2017-11-15 Thread Rob McEwen
ing bugs, or at least make significant and measurable progress to that end - send me a private message off-list if that interests you! (I would do this myself, but Perl "looks like Greek" to me!) https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7477 -- Rob McEwen https://www.invaluement.com

Re: Weird new malware

2017-11-08 Thread Rob McEwen
This seems to be catching most of them: Subject: Invoice [A-Z]{2,3}\d{7}\b ...but it might need to be combined with other things to ensure no false positives, since there would be a rare legit message that would hit on this? --Rob McEwen On 11/8/2017 10:45 AM, Dianne Skoll wrote: Hi, Heads

Re: Blocking senders that are whitelisted

2017-10-04 Thread Rob McEwen
dded via a purchased list or something bad like that. Rob McEwen invaluement.com On 10/4/2017 11:23 AM, Alex wrote: Hi, we have a user complaining about receiving email from a solar panel company and want us to block it. The problem is that it originates from mailchimp, which is whitelisted. It'

Re: ramsonware URI list

2017-07-15 Thread Rob McEwen
haps would focus on the stuff that isn't found on any (or very many) of the 4 major URI lists I mentioned, so as to keep the data small and focused, for maximum processing efficiency. -- Rob McEwen http://www.invaluement.com

Re: URIBL_BLOCKED on 2 Fedora 25 servers with working dnsmasq, w/ NetworkManager service

2017-05-18 Thread Rob McEwen
fill it back in. So I'm grateful every time I see a thread like this that pushes back against that, and encourages others to run industry standard non-forwarding caching DNS servers. THANKS! -- Rob McEwen http://www.invaluement.com

Razor FP on simple http link (by itself)

2017-05-05 Thread Rob McEwen
OR's potential for collateral damage. Is this "extra curricular activity"? or did I misunderstand RAZOR's checksum technique? -- Rob McEwen

Re: Outgoing email without DMARC

2017-05-02 Thread Rob McEwen
load of spam over the past several years (not just volume-wise - but percentage-wise... I'd be run out of town if I did that) -- Rob McEwen

Re: Fastest listing RBL ?

2017-02-15 Thread Rob McEwen
few enough FPs for you to probably feel comfortable outright blocking (or scoring at/above threshold). You might find ~3-5 such lists, including zen.spamhaus.org in that elite group. -- Rob McEwen

Re: The nice thing about standards (was Re: Legit Yahoo mail servers list)

2017-01-31 Thread Rob McEwen
't necessarily know/understand others' situation/requirements that may be a little different than your particular situation/requirements. -- Rob McEwen

Re: Legit Yahoo mail servers list

2017-01-30 Thread Rob McEwen
On 1/30/2017 8:54 AM, Matus UHLAR - fantomas wrote: they do and it has been mentioned: https://help.yahoo.com/kb/SLN23997.html I wasn't aware of this page. If it was mentioned before in this thread, I missed it. Thanks! -- Rob McEwen

Re: Legit Yahoo mail servers list

2017-01-29 Thread Rob McEwen
IPs (if such were available?), so that I could EFFICIENTLY update/prune that part of my whitelist. And I strongly suspect that iterating though the millions of IPs to check FCrDNS would take a very, very long time - and might get such probing IPs blacklisted for abuse/intrusion-protection? -- Rob McEwen

Re: Legit Yahoo mail servers list

2017-01-27 Thread Rob McEwen
t Yahoo" seems very odd... -- Rob McEwen

Re: How to create a URIBL

2016-10-19 Thread Rob McEwen
I know you're a frequent SA discussion participant) -- Rob McEwen http://www.invaluement.com +1 (478) 475-9032

Re: How to create a URIBL

2016-10-19 Thread Rob McEwen
dns parses IP and reverses them by itself" ... but that only applies to sending-IP blacklists, set up with ip4tset and ip4set in rbldnsd. As shown, dnset operates differently for IP addresses found in URIBL blacklists. -- This was a trip down memory lane for me. -- Rob McEwen invaluement

Re: How to create a URIBL

2016-10-18 Thread Rob McEwen
omehorrificspammerfromhell.blogspot.com would ALL return listing, but blogspot.com ...wouldn't. So it also takes some work determining those boundaries. Some of those are simple domains... while others like blogspot.com or wordpress.com, are more "artificial" (but still critically important). -- Rob McEwen invaluement.com

Re: RCVD_IN_SORBS_SPAM and google IPs

2016-09-12 Thread Rob McEwen
even though they've never gotten a single "hit" from their mis-configuration, and then they'll have a very bad day when that time comes. But, again, thanks for the mention! Perhaps, next time just say "invaluement". -- Rob McEwen invaluement.com

Re: spamassassin and caching nameservers

2016-08-22 Thread Rob McEwen
point. It was designed from the ground up only to serve as a dumbed down locally hosted DNS, only for serving DNSBLs where the data files are found locally. It makes up for the lack of more extensive DNS features with blazing speed and very low memory overhead. -- Rob McEwen

Re: Spoofed Domain

2016-08-09 Thread Rob McEwen
a SA rule for scoring against .docm files attachments? Perhaps someone else could help you with that. -- Rob McEwen

Re: Corpus of Spam/Ham headers(Source IP) for research

2016-06-29 Thread Rob McEwen
is... how to reward blacklists that are more accurate, but without penalizing them for not being a redundant copy of Zen. It isn't as easy as it sounds in a ratings system. (even if real life usage of such by a hoster or ISP can quickly lead to fewer complaints from customers about FP and FNs) -- Rob McEwen

Re: Which DNSBLs do you use?

2016-06-16 Thread Rob McEwen
nt misses. Therefore, as I said, SIP and SIP24 (combined) are intended to be a supplement to Zen, not a replacement of Zen. (just want to make sure this is clear!) -- Rob McEwen http://www.invaluement.com

Re: Spamassassin not capturing obvious Spam

2016-05-30 Thread Rob McEwen
message, then this particular example was probably a rare malfunctioned spam that will be of no benefit to the spammer, and would then probably not be worth investigating since the spammer then has no incentive to keep sending these types. -- Rob McEwen

Re: A Plan to Stop Violence on Social Media

2015-12-15 Thread Rob McEwen
h powers could easily be abused in the future for nefarious purposes, such as suppressing criticism of the current party in power, etc. This could be a "slippery slope". -- Rob McEwen +1 478-475-9032

Re: SpamAssassin Rules Regarding Abuse of New Top Level Domains

2015-10-20 Thread Rob McEwen
be as concerned about a few extra FPs) -- Rob McEwen +1 478-475-9032

Re: Return Path (TM) whitelists

2015-07-10 Thread Rob McEwen
ages from certain "mixed ham/spam" sender's IPs... but you shouldn't treat them as fully whitelisted either. That is a big difference... therefore, most of the time that a virus-sent spam is sent from an IP in DNSWL, it is from an IP that is marked by DNSWL as a mixed source. -- Rob McEwen http://www.invaluement.com/ +1 478-475-9032

Re: Uptick in spam

2015-03-30 Thread Rob McEwen
g), let me know (off-list) and I'll research it. I can then make adjustments accordingly. I'm very responsive to customer feedback. Thanks! -- Rob McEwen +1 478-475-9032

Re: Uptick in spam

2015-03-30 Thread Rob McEwen
rovided the world a good service, and the resulting collateral damage was well justified. The site owner should be considered at fault for the collateral damage, not the DNSBL. I hope this provides some clarity. -- Rob McEwen +1 478-475-9032

Re: Uptick in spam

2015-03-27 Thread Rob McEwen
ended. Having said that... thanks, David, (and others) for your mentioning about your success with ivmSIP and ivmSIP/24, where they are helping you block much of the spam that slips past Spamhaus, etc. -- Rob McEwen

Re: Ready to throw in the towel on email providing...

2014-07-28 Thread Rob McEwen
efinately double check this. If you can verify that this is true (and continues to be true)... then use this info as a rebuttal the next time you have a client talk about leaving you for gmail. -- Rob McEwen +1 (478) 475-9032

Re: Domain ages (was Re: SPAM from a registrar)

2014-06-10 Thread Rob McEwen
combination with other rules could be very helpful. -- Rob McEwen +1 (478) 475-9032

Re: Domain ages (was Re: SPAM from a registrar)

2014-06-10 Thread Rob McEwen
t the list of URI BLs that Axb gave above are all extremely low-FP URI blacklists. -- Rob McEwen +1 (478) 475-9032

Re: Domain ages (was Re: SPAM from a registrar)

2014-06-09 Thread Rob McEwen
verything fast enough... combined with many sys admins failing to make use of ALL the good and low-FP URI/domain blacklists... where they'd see MUCH better results if they were using ALL of the good URI blacklists! ...but I'm a little biased on this point! :) -- Rob McEwen +1 (478) 475-9032

Re: Who wants to trade data?

2014-02-06 Thread Rob McEwen
On 2/6/2014 6:59 PM, Noel Butler wrote: > spams an anti-spam list so sharing/discussing data/intel about spammers on an anti-spam list... is spamming? Really? -- Rob McEwen invaluement.com

what is that number at the beginning of .cf files signify?

2013-11-14 Thread Rob McEwen
aming convention be followed, even if just for etiquette? -- Rob McEwen http://dnsbl.invaluement.com/ r...@invaluement.com +1 (478) 475-9032

Re: Uptick in false negatives - filter check?

2013-11-08 Thread Rob McEwen
you keep seeing these, check the domains on multirbl.valli.org ...and you'll see in real time what I'm talking about! -- Rob McEwen http://dnsbl.invaluement.com/ r...@invaluement.com +1 (478) 475-9032
