On 27 Sep 2002 at 11:24, Robert L Mathews wrote: > At 9/27/02 6:51 AM, Michael Moncur wrote: > > >> Being listed in SPEWS will trigger these rules: > >> > >> RCVD_IN_OSIRUSOFT_COM - generic rule > >> X_OSIRU_SPAM_SRC - SPEWS specific? > > > >According to osirusoft, this is not SPEWS specific: > > > >>127.0.0.4 Confirmed Spam Source > >>A site has been identified as a constant source of spam, and is manually > >added. > >> Submissions for this type of spam require multiple nominations from > >multiple sites. > >> Test Blockers also find themselves in this catagory. > > > >So, it should only happen if you're listed in SPEWS plus something else, in > >theory. > > Actually, their FAQ is a little misleading on that point. 127.0.0.4 does > include sites listed only in SPEWS: when they say "manually added", that > includes "has been manually to the SPEWS list". > > As someone whose netblock has been listed in SPEWS for the last two days > due to the SPEWS policy of intentional collateral damage, I second the > motion to change the tests so the scores can be different. (I'm not > defending my ISP; I've made my displeasure clear to them and I'm > considering other options, so there's no need to flame me about how I'm > part of the problem by doing business with them.)
Level 1 or Level 2? My understanding is that SPEWS puts known spammers in at Level 1, and spam support (where most of the collateral damage comes in) at Level 2. Osirusoft only includes the Level 1 SPEWS database in its collated results. There have (to my knowledge) only been a couple of cases where netblocks which should be in the SPEWS Level 2 database were escalated to Level 1 (contravening their stated policy, in my opinion), but it hasn't happened very often. > Whatever people think of SPEWS, they do intentionally set out to flag > non-spam in many cases. I'd guess that the chance of a message flagged in > spews.relays.osirusoft.com actually being spam is probably quite a bit > lower than the chance of a message flagged by inputs.relays.osirusoft.com > being spam (although I haven't done any tests; this just seems logical > based on the listing policies). I'd disagree, based on our experience at least. Inputs.relays.osirusoft.com includes insecure relays, whether or not the administrators of those relays know or care. Abused open relays very definitely carry legitimate traffic as well--far more so than servers listed in SPEWS Level 1. > Given that, spews.relays.osirusoft.com should be scored differently from > inputs.relays.osirusoft.com. Having one rule combining them (which is > what happens with a pure relays.osirusoft.com lookup) is less than > optimal if they should be scored differently. ---- Nels Lindquist <*> Information Systems Manager Morningstar Air Express Inc. ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
