uk1host wrote:
>
>
>
> uk1host wrote:
>>
>>
>>
>> Rob McEwen wrote:
>>>
>>> [EMAIL PROTECTED] wrote:
>>>> Do you know if there is a list of RBL's and where I can get it from.
>>>> I have a customer who is getting alot of spam and I need to cut it
>>>> down alot, he seems to be getting alot from drug companies and medical
>>>> extension companies.
>>>
>>> Dave,
>>>
>>> I recommend the following 5 "1st tier" Sender's IP blacklist (or "RBLs",
>>> as you described them):
>>>
>>> (NOT in any particular order)
>>>
>>> *****************
>>> SENDER'S IP BLACKLISTS:
>>> *****************
>>>
>>> THE FIVE "1ST TIER" DNSBLs:
>>>
>>> (1) zen.spamhaus.org (may require subscription if volume is high)
>>> ALSO: cbl.abuseat.org (already included in zen, so don't use both.)
>>>
>>> (2) psbl.surriel.com (I recommend using their free RSYNC access.)
>>>
>>> (3) bl.spamcop.net (used to have some FPs of legit newletters. But not
>>> anymore.. so don't believe anything bad you read about this one because
>>> it is now really high quality and has extreme low FPs.)
>>>
>>> (4) list.dsbl.org (I recommend using their free RSYNC access)
>>>
>>> (5) invaluement.com's SIP list (**requires subscription for RSYNC access
>>> to files. ivmSIP will NOT impress based on % of spam blocked... but it
>>> WILL impress based on the spam it catches which ALL the other 1st tier
>>> lists miss... and it has a 1st-tier extreme-low-FP rate.)
>>>
>>> Contact me off-list for a free test of ivmSIP.
>>>
>>> FOUR "HONORABLE MENTIONS":
>>>
>>> (1) dnsbl.ahbl.org (really good, but I've seen a few too many FPs to
>>> consider this in the 1st tier. But when I say "a few".. I mean a tiny,
>>> tiny fraction of a percent.)
>>>
>>> (2) dnsbl.njabl.org (really good, but I've seen a few too many FPs to
>>> consider this in the 1st tier. But when I say "a few".. I mean a tiny,
>>> tiny fraction of a percent.)
>>>
>>> (3) hostkarma.junkemailfilter.com (might be a 1st tier list.. but I
>>> haven't test it myself. Like ivmSIP, it catches lots of spam that other
>>> lists miss. I know its FPs are overall at least very low, but I haven't
>>> verified yet that it's FPs are low enough to be considered a 1st tier
>>> RBL. This one might very well be 1st tier... I just can't personally
>>> verify that.)
>>>
>>> (4) dnsbl-1.uceprotect.net (used to have too many FPs... but under new
>>> management and FPs are getting lower and lower... if the improvement
>>> keeps up, this might just be 1st tier very soon, if not already!)
>>>
>>> Again, the FP rates on at least three of these "honorable mentions" are
>>> really just a hair below those of the 1st tier lists. I'm insanely
>>> committed to having zero FPs.... so, again, don't take my "few FPs"
>>> comments too far. I hear that some ISPs outright block on various
>>> combinatinos of these "honorable mentions" with extreme few complains
>>> about FPs.
>>>
>>> *****************
>>> URI BLACKLISTS:
>>> *****************
>>>
>>> There are three that stand head and shoulders above the rest. There
>>> isn't a close 4th. These three have (1) extreme low FP rates... and (2)
>>> each of these three catch many spammer's URIs that the other two miss.
>>> Outside of these three, no other (publicly available) URI-dnsbl in
>>> existence can come close to making those two claims.
>>>
>>> These are (A) SURBL.org, (B) URIBL.COM, and (C) ivmURI.com
>>>
>>> SURBL and URIBL are generally free. URIBL is starting to requiring a
>>> paid subscription to RSYNC access for organizations with large volumes
>>> of queries. Also, ivmURI is subscription-only (again, contact me
>>> off-list for more info). BTW - check out
>>> http://invaluement.com/results.txt
>>>
>>> SURBL can be queried with "multi.surbl.org"
>>>
>>> URIBL can be queried with "multi.uribl.com"
>>>
>>> ivmURI requires a subscription to get the data via RSYNC
>>>
>>> Hope this helps!
>>>
>>> BTW - a good place for looking at catch rates and FPs for the various
>>> Sender's IP blacklists is Al Iverson's web site:
>>>
>>> http://www.dnsbl.com/
>>>
>>> But ivmSIP isn't listed there because Al Iverson hates me. :(
>>>
>>> (a) I bugged Al one too many times last summer when Al had found a
>>> single FP on my ivmSIP and wouldn't tell me what it was. I didn't mind
>>> that he wouldn't tell me... but I'd e-mail him about once a week to ask
>>> him if it was still there and, apparently, this eventually angered him.
>>> (b) I tried to explain to Al that ivmSIP is suppose to have a catch rate
>>> of only about 20% (at that time, it is higher now)... but that it was
>>> still far superior to other lists that have a much higher catch rate
>>> since ivmSIP had an overall 1st tier FP rate and ivmSIP catches spams
>>> that other 1st tier lists miss. IOW, suppose that ivmSIP had a catch
>>> rate of 80%, but was ONLY listing stuff that Zen *already* caught. What
>>> good would a list like that be? Such a hypothetical list would superior
>>> to ivmSIP according to Al's and his ratings ratings, but would be
>>> absolute worthless in the real world! But since ivmSIP catches MANY
>>> spams that all other 1st tier lists above miss... it is, instead,
>>> extremely valuable and useful. After repeated attempts, Al NEVER even
>>> acknowledged this logic and eventually told me to.... well... nevermind.
>>> I guess he hates me... but he does a jam up job with his web site... He
>>> is a true expert in this field and gives very good advice. His web sites
>>> are chalk full of excellent analysis and review. Highly recommended!
>>> (Though his site would do better if he factored in "unique" catches
>>> among the 1st tier extreme-low-FP lists.)
>>>
>>> Rob McEwen
>>> [EMAIL PROTECTED]
>>>
>>>
>>>
>>
>> ==============================================================
>>
>> Thanks Rob,
>>
>> I am hoping it will cut down on the spam I am getting. I had a auto
>> response on my mail (which I have now removed) and I was getting 300+
>> spam over night.
>>
>> I have put the info into the RBL list on my mail so I am hoping it will
>> cut it down.
>>
>> I have marked it to enable for filtering and enable for incoming blocking
>> is this correct?
>>
>> cheers
>> DAVE (uk1host)
>>
>>
>>
> =======================================================
>
> I have added all the stuff above and am still getting alot of spam,
> medication, degree's and stop being floppy in the bedroom.
>
> Anyone got any other idea's to help cut back on this.
>
> cheers
>
> =======================================================
>
I have posted some of the spam (HEADERS) I am still getting below.
(1)
Return-Path: <[EMAIL PROTECTED]>
Received: from Wimax-c3-ppy-pt-190-70-170-132.orbitel.net.co
[190.70.170.132] by mail.uk1host.co.uk with SMTP;
Sat, 8 Mar 2008 08:59:14 -0600
Received: from [190.70.170.132] by mail.stllaborers.com; Sat, 9 Mar 2008
09:55:54 -0500
From: "Chad Mason" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: [SPAM] SPAM-HIGH: Purchase popular impotency treatment drugs in
Canada for the best Net prices.
Date: Sat, 9 Mar 2008 09:55:54 -0500
MIME-Version: 1.0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook, Build 11.0.6353
Thread-Index: Aca6QV856JQ1J4ANEM22NA4K585XC6==
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
Message-ID: <[EMAIL PROTECTED]>
X-SmarterMail-Spam: SpamAssassin 55.75 [raw: 22.3], SPF_None, DNSBL-1,
SpamCop, ZEN
X-MSKTag: [SPAM]
X-MSK: DNS=2
-----------------------------------------------
(2)
Return-Path: <<[EMAIL PROTECTED]>
Received: from 109.Red-88-15-17.dynamicIP.rima-tde.net [88.15.17.109] by
mail.uk1host.co.uk with SMTP;
Sat, 8 Mar 2008 08:36:19 -0600
Received: from camelnowzzz (HELO bookbindhost.localadultery)
by conceptuall7.elect.sd.biz with WQMTP; Sat, 08 Mar 2008 18:18:10 +0500
Date: Sat, 08 Mar 2008 09:18:10 -0400
Message-Id: <[EMAIL PROTECTED]>
From: "Milagros Ramey" <[EMAIL PROTECTED] >
To: [EMAIL PROTECTED]
Subject: [SPAM] SPAM-HIGH: di$c0unt meds shipping world wide!
Reply-To: [EMAIL PROTECTED]
X-Scanner: policeman for emitter (http://duncanthrax.net/exiscan/)
X-Virus-Scanner: AMaVis 0.2.0-pre6 / Virus Scan
X-Loop: [EMAIL PROTECTED]
Mime-Version: 1.0
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: 7bit
X-SmarterMail-Spam: SpamAssassin 92.25 [raw: 36.9], SPF_SoftFail, ZEN
X-MSKTag: [SPAM]
X-MSK: DNS=2
-----------------------------------------
(3)
X-McAfeeVS-TimeoutProtection: 0
Return-Path: <[EMAIL PROTECTED]>
Received: from dsl88-226-51303.ttnet.net.tr [88.226.200.103] by
mail.uk1host.co.uk with SMTP;
Sat, 8 Mar 2008 07:58:24 -0600
Received: from personify
by savetheinternet.com with SMTP id RIoxZWFLwo
for <[EMAIL PROTECTED]>; Sat, 8 Mar 2008 15:57:35 -0200
From: "Theodore Ferguson" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: SPAM-HIGH: Hey, start seeing dollars pouring in.
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-SmarterMail-Spam: SpamAssassin 64.75 [raw: 25.9], SPF_None, DNSBL-1,
SpamCop, ZEN
X-MSK: BYS=0.000000,HRC=0.510931
---------------
Hope this helps I have the RBL Weight Set to 10.
Cheers
--
View this message in context:
http://www.nabble.com/Domain-Name-SPAM-tp15891193p15913213.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
