> Sorry, your subsequent emails answered this -- SA seems to be > the other tool that pushes a message into the greylist zone. > With these two (two right? > not any more?) tools driving your greylisting, ...
Some other things like SPF fail or softfail too. (Too many people try to "BLOCK" on SPF softfail but at least in theory it is safe to block on SPF softfail.) Most two-letter country codes IF the HELO name doesn't validate, things like that. Anthing that looks like a dial/dynamic address, although many people would just block on these. The point is you can send anything through greylisting and virtually eliminate ANY false positives. But a low false positive rate mechanism through the greylist method means that it makes a "good" method great in terms of avoiding FPs and let's about 9-10% through. > I'm curious how many > (suspicious) mails make it to your spam buckets (or even to > your inbox)? We are not a big system, a few thousand mails a day and about 60% WERE spam before instituting this method. 90% of the spam never reaches SA so we are down from like 1000-1500 spams (received) per day to about 100 or so that we must review. These are not exact figures and might be off by 50% or so (low probably), but the percenctage is correct. And (I didn't mention) that our users have SpamBayes on their system so if anything gets through it is almost always caught there -- and we have them "forward as attachment" back to a SPam/Ham reporting address. -- Herb Martin > -----Original Message----- > From: email builder [mailto:[EMAIL PROTECTED] > Sent: Tuesday, September 27, 2005 1:54 AM > To: users@spamassassin.apache.org > Subject: RE: best of RBLs without the FPs > > > > --- email builder <[EMAIL PROTECTED]> wrote: > > > > But again, since almost no legitimate email is ever > greylisted only > > > almost nothing DESIRABLE EVER gets delayed. > > > > So you ONLY greylist what the RBLs tell you is on their > list? Maybe I > > need to go back and re-read your original email, which I skimmed > > perhaps too lightly... because even back in the day before we used > > greylisting (we use "straight"), and only had something > like four RBLs > > rejecting mail outright, we still saw a lot of spam getting through > > (for SA to score). So I just can't imagine that selective > greylisting > > of whatever is on the RBLs will catch nearly as much as > you'd want it > > to. What are your other mechanisms for tempfailing beside RBL? > > > __________________________________________________ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam protection > around http://mail.yahoo.com >
