Rob McEwen (PowerView Systems) wrote:
Marc, I've developed a system similar to what you've described. For example, I do my own RBL lookups and reject messages which score above a certain number without doing additional spam filtering (and I've custom weighed various RBLs). This could be considered similar to your own "blacklist". I also have a whitelist like yours... except that I "surgically" apply my IP-based whitelist ONLY towards not doing RBL lookups on the sending server IP addresses for such messages... but continue to do ALL OTHER spam filtering on such messages. (I also apply less spam filtering to authenticated users' messages.) But while I see the value of your blacklist and your yellowlist, it seems to me that taking an IP-based whitelist and using it to bypass ALL filtering is like writing a "blank check". It seems like either (1) you might be taking too many risks and/or (2) in order to prevent taking such risks, you'd have to make this whitelist so small percentage-wise that you might as well go ahead and use SA to test all messages not caught by your IP-based blacklist. Make sense? Your thoughts? (Specifically, can you give examples where you feel VERY assured that you'd NEVER see spam from that remote IP address?)
You can't spoof hosts and there are hosts that never send spam. My bank, Wells Fargo, never sends spam. So - why not whitelist them? My idea is that if you track hosts and they never send spam then why bother spam filtering them? It loads the system and you risk false positives.
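
The scheme described in the quoted message above (weighted RBL scoring with early rejection, and an IP whitelist that skips only the RBL lookups while content filtering still runs), sketched as an added example that is not code from either poster. The zone names, weights, threshold, addresses and the `content_filter` rule are constructed assumptions, and DNS answers are replaced by an inline set so it runs offline.

```python
import ipaddress

# Constructed sample data: zones, weights, threshold and listings are
# assumptions for illustration, not values from the thread.
RBL_WEIGHTS = {"rbl-a.example": 5, "rbl-b.example": 3, "rbl-c.example": 2}
REJECT_ABOVE = 6
WHITELIST = {ipaddress.ip_address("192.0.2.10")}
LISTED = {  # stands in for DNS answers so the example needs no network
    "25.100.51.198.rbl-a.example", "25.100.51.198.rbl-b.example",
    "10.2.0.192.rbl-a.example", "10.2.0.192.rbl-b.example",
    "7.113.0.203.rbl-c.example",
}

def rbl_query_name(ip, zone):
    """DNSBL convention: reversed IPv4 octets prepended to the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def rbl_score(ip, is_listed=LISTED.__contains__):
    """Sum the weights of every zone that lists the address."""
    return sum(weight for zone, weight in RBL_WEIGHTS.items()
               if is_listed(rbl_query_name(ip, zone)))

def content_filter(body):
    """Hypothetical stand-in for the later filtering stage (e.g. SA)."""
    return "spam" if "cheap pills" in body.lower() else "clean"

def handle(ip, body):
    """Return (verdict, stages_run) for one message."""
    stages = []
    if ipaddress.ip_address(ip) not in WHITELIST:
        stages.append("rbl")
        if rbl_score(ip) > REJECT_ABOVE:
            return "reject", stages   # rejected before content filtering
    # Whitelisting skipped only the RBL stage; the body is still filtered.
    stages.append("content")
    return content_filter(body), stages

if __name__ == "__main__":
    for ip, body in [("198.51.100.25", "hello"),
                     ("192.0.2.10", "Cheap pills here"),
                     ("203.0.113.7", "meeting at noon")]:
        print(ip, handle(ip, body))
```

The whitelisted address 192.0.2.10 is deliberately present in two constructed zones: the RBL stage is never consulted for it, yet a spammy body from it is still caught by the content stage.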