Karsten Bräckelmann wrote:
And I do have a goal of !00% accuracy although that is difficult to
attain.
While I guess most blacklist operators do aim at a perfect blacklist,
regardless of specific definitions and whether others agree or not...
That's probably one of the worst shift typos in history. ;-)
Other than that, I recently enabled Hostkarma blacklists here, just to
check. FWIW, it's scoring *really* good for me. So good, I seriously
toned it down. I want to evaluate it first. For that, I need something
even close to a considerable, diverse amount of ham.
Black and brown (think of it as gray) is scoring really good, and I've
even seen a white hit already.
Well done, Marc. Let's see again in a week or two. :)
I have a twisted sense of humor. :)
Glad that you like my blacklist. My best list however is the white list.
White on my system means that you can bypass SA altogether and just
deliver the email. I use it to greatly reduce system load of checking spam.
If you are going to use the blacklist it works best if you also use the
tarbaby.junkemailfilter.com high numbered MX record as well because that
way my blacklist will pick up the spambots that are targeting you. So
feel free to use both.
I try to keep my blacklist reality based. I go with what works and skip
what doesn't. I'm always looking for ideas. Sometimes my ideas don't pan
out but I'm always trying things looking for results and feedback.
BTW - for those who are curious, the lists are generated mostly from
Exim rules. Exim has a feature that allows me to track hosts that don't
use QUIT to close a connection. Thus the combination of fake mx, no
quit, no or bad RDNS or dynamic IP, and various HELO sins is usually
enough to identify spam bots. SA doesn't run on the tarbaby server
because I do a 4xx error at the beginning of data. But it's quite the
harvester of botnets and I can usually blacklist them on the very first
attempt.
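
The combination of signals described in the message above (fake MX, no QUIT, no or dynamic rDNS, HELO problems), sketched as an added example that is not Marc's Exim rules or code from this thread. The session-summary format, the dynamic-rDNS pattern, the two HELO checks and the threshold of three signals are all assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Constructed session summaries (not real logs), one SMTP connection per line:
# client IP, reverse DNS ("-" = none), HELO name, MX contacted, QUIT seen.
SAMPLE_SESSIONS = """\
203.0.113.7 - [203.0.113.7] tarbaby no
198.51.100.20 dsl-198-51-100-20.dynamic.example.net localhost tarbaby no
192.0.2.10 mail.example.org mail.example.org primary yes
192.0.2.44 - friendly-box primary yes
"""

# Assumed heuristic for "dynamic-looking" rDNS: embedded IP octets or pool words.
DYNAMIC_RDNS = re.compile(r"(\d+[-.]){3}\d+|dynamic|dsl|dhcp|pool", re.I)

@dataclass
class Session:
    ip: str
    rdns: str
    helo: str
    mx: str
    quit_seen: bool

def parse(line):
    ip, rdns, helo, mx, quit_flag = line.split()
    return Session(ip, rdns, helo, mx, quit_flag == "yes")

def signals(s):
    """Return which of the signals named in the post this session trips."""
    hits = set()
    if s.mx == "tarbaby":            # delivered to the high-numbered decoy MX
        hits.add("fake_mx")
    if not s.quit_seen:              # dropped the connection without QUIT
        hits.add("no_quit")
    if s.rdns == "-" or DYNAMIC_RDNS.search(s.rdns):
        hits.add("bad_rdns")
    # Assumed "HELO sins": a bare IP literal, or a name with no dot in it.
    if s.helo.startswith("[") or "." not in s.helo:
        hits.add("bad_helo")
    return hits

def is_bot(s, threshold=3):
    # Assumed policy: no single signal lists a host; a combination does.
    return len(signals(s)) >= threshold

def classify(text=SAMPLE_SESSIONS):
    return {s.ip: is_bot(s) for s in map(parse, text.splitlines())}

if __name__ == "__main__":
    for ip, bot in classify().items():
        print(ip, "listed" if bot else "not listed")
```

The fourth constructed session trips two signals (no rDNS, dotless HELO) but still speaks proper SMTP to the real MX, so it stays off the list; that is the point of requiring a combination.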