On Thu, 29 May 2003, Bob Apthorpe wrote:

> Hi,
>
> On Wed, 28 May 2003 22:52:32 -0500 (CDT)
> [EMAIL PROTECTED] wrote:
>
> > In short, yes there are a lot of ignorant people that look no farther than
> > the From: line. Fortunately DNSBL maintainers are stupid enough to let a
> > single (l)user dictate what they put into their BL.
>
> Are you missing a 'not' in there, i.e.:
>
> "... DNSBL maintainers are _not_ stupid enough ..."

Yes. Thank you. :) I can't find my good .sig that says something to the
effect of "read what I mean, not what I wrote". I need to spend more time
proof-reading and less time writing.

> Or are you vaguely referring to SpamCop's busticated statistics and
> unwillingness to remove obviously broken listings in a timely manner
> when notified? IIRC, it doesn't take much to get a low-traffic site
> falsely listed in bl.spamcop.net, assuming you take Declan McCullagh's
> list as an example. Assuming you take Declan's musings on spam with more
> than a grain of salt.[1]

I tend to ignore SpamCop. In a sense it's a great idea IF it was properly
run. Since it's not from what I hear, I just ignore it.

> Granted, on aggregate, comparing mail to many DNSBLs leads to pretty
> decent accuracy as SpamAssassin shows. It's hard to fool all the
> blacklists all the time. But for rejecting connections during the SMTP
> transaction, where (with rare exception) false positives are
> unrecoverable, you need to be sure the blacklist has a clear focus and
> is maintained by people with the integrity to list precisely what they
> say they're going to list.

I'm a SPEWS user. :) I'm slowly moving more of my systems to the
configuration I preach. That is, reject the misconfigured hosts (open *) at
Sendmail. Then use the more subjective lists to score spam (like SPEWS).
I'd use the SBL from Sendmail itself. It's almost always on the money,
except for when Steve lists a provider's corporate MXs for a day or two to
get their attention which I don't really mind.

Frankly I've never had any trouble flat out rejecting mail with the 15
DNSBLs I typically call from Sendmail. The only questionable list is SPEWS.
Whenever I get a complaint about that I simply tell them that their
provider is harboring spammers and we will not accept mail from any of that
provider's netblocks, period. That usually works for me.
For most I'd recommend only scoring against SPEWS (maybe a nice round score
of 2 would be adequate).

> For rejection, I try to stay with automated DNSBLs (OPM,
> proxies.relays.monkeys.com[2], ordb.org), content-neutral lists (DUL,
> dynablock.easynet.nl, zombie.dnsbl.sorbs.net), and the more conservative
> (lower collateral damage) lists like sbl.spamhaus.org. I don't have any
> fundamental objection to SPEWS; I just won't reject mail based on it. If
> I got more spam, I'd consider it. I don't really even object to
> collateral damage so much; blocking all of Rackspace, China, or Korea
> might be what it takes to force them to take responsibility for their
> networks, go out of business, or become a national intranet. It worked
> for AGIS...

I like the automated BLs as well. However I only use DNSBLs that I can get
a zone transfer of some kind from. That's why I don't use ORDB. Their
threshold for receiving mail ("millions a day") to qualify for a zone
transfer is grossly over-inflated. We pay for AXFRs of the DUL and RSS. The
rest of the zones I use I either AXFR, rsync, or wget them. It requires a
lot of RAM on the NS for caching but it's worth it IMHO.

I'm starting to score foreign mail. Few if any of my customers are expected
to talk to someone in Korea or Malaysia. Adding 1-1.5 to their score isn't
a bad thing I don't think.

I don't mind blacklisting a provider. Broadwing and Cyberlinx will never
set foot on my networks. I actually have a list of providers I blacklist.
Unlucky them it's permanent. :)

> Dunno. Most popular DNSBLs are popular because their listings are
> consistent with their mission statements.

I like those that don't change over time. If the list is supposed to be
spammers and only spammers then I don't want the list to list corporate MXs
(I was surprised Steve did that). If I was overly concerned with FPs, this
would have caused me to stop blocking with the SBL and only score with it.

I really like the lists that organize themselves well.
Osirusoft does a pretty good job of this. If I get a transfer of the ORSS I
get all the little zones he incorporates. At first I didn't like that.
Eventually I stopped doing a DNSBL check against relays.osirusoft.com and
started doing it against the subdomains like spews.relays... and
spamhaus.relays. That worked a lot better. This is something I dislike
about SORBS. The full zone doesn't list subdomains.

> > Old netblock lists can cause a lot of grief.
> > I can't keep up with my netblock listings anymore. I now rely more on the
> > DNSBLs that should be up-to-date.
>
> Amen to that.

If I was a full-time anti-spammer again I could do it. Then again I also
have no life. :)

Justin
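
The reject-versus-score split discussed in this message, as an added example (not code from the thread, Sendmail or SpamAssassin): conservative lists end the SMTP transaction, a subjective list only adds to the score. The zone `spews.dnsbl.example`, the function names and the sample DNS answers are assumptions made for illustration.

```python
import ipaddress
import socket

# Tiers as described in the thread: conservative lists reject during SMTP,
# subjective lists only add to the spam score. The REJECT_ZONES names appear
# in the thread; "spews.dnsbl.example" is a placeholder zone (assumption).
REJECT_ZONES = ("sbl.spamhaus.org", "dynablock.easynet.nl")
SCORE_ZONES = {"spews.dnsbl.example": 2.0}
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_name(ip, zone):
    """Query name for an IPv4 address: reversed octets followed by the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def system_lookup(name):
    """Live lookup: A record as a string, or None on NXDOMAIN or any DNS error."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None  # fail open: a DNS outage must not turn into rejections


def is_listed(answer):
    """Only 127.0.0.0/8 answers count; anything else is treated as not listed."""
    return answer is not None and ipaddress.ip_address(answer) in LOOPBACK


def evaluate(ip, lookup=system_lookup):
    """Return ("reject", zone) or ("accept", score) for a connecting IP."""
    for zone in REJECT_ZONES:
        if is_listed(lookup(dnsbl_name(ip, zone))):
            return ("reject", zone)
    score = sum(weight for zone, weight in SCORE_ZONES.items()
                if is_listed(lookup(dnsbl_name(ip, zone))))
    return ("accept", score)


# Constructed sample data (TEST-NET-1 addresses), standing in for DNS answers.
FAKE_DNS = {
    "10.2.0.192.sbl.spamhaus.org": "127.0.0.2",
    "20.2.0.192.spews.dnsbl.example": "127.0.0.2",
    "30.2.0.192.dynablock.easynet.nl": "203.0.113.7",  # not a DNSBL answer
}

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40"):
        print(ip, evaluate(ip, FAKE_DNS.get))
```

Answers outside 127.0.0.0/8 are ignored so that a wildcarded or repurposed zone cannot cause rejections, which matters because a false positive at SMTP time is not recoverable.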