Re: Barracuda RBL in first place

Fri, 14 Aug 2009 22:11:47 -0700 

On Fri, 2009-08-14 at 16:56 -0700, Marc Perkel wrote:

> My experience is that the barracuda lists are reasonably good. A few
> FP but not a lot.
I get more FP's with Barracuda than I do UCE Protect - which is rather
funny given the slating UCE Protect get.
>  And if they are exceeding spamhaus then even if they were stealing
> their lists they are adding a lot of data spamhaus doesn't have.
A simple collection of stats yourself will show you just how 'good' the
Barracuda list is *not*; This from a simple honeypot domain that sees
around a 1000 connections a day (so it's a very small sample size).
You'll see that Barracuda caught 172 messages, but it still left 14
behind that Spamhaus got. After those two are done, a further 163 were
missed by both of them:

************************
  BLOCKED DNSBL      349
........................
  BBL BARRACUDA      172
   ZEN SPAMHAUS       14
  UCE PROTECT 1       23
  UCE PROTECT 2       31
  UCE PROTECT 3        0
  [UCE PT TOTAL      54]
     SORBS SPAM        0
  SORBS EXPLOIT        3
    UCE SPAMCOP       52
UCE SPAMCANIBAL        1
  UCE NOMOREFUN       47
  INTERNAL LIST        6
************************
list of those slipping through all RBL's or caught internally:

Aug 14 08:26:50 IP:8.19.138.12 HELO:top3.topcore.co.uk
HOSTNAME:top3.topcore.co.uk
Aug 14 08:52:10 IP:8.19.138.23 HELO:cd3.createdirect.co.uk
HOSTNAME:cd3.createdirect.co.uk
Aug 14 09:12:48 IP:8.19.138.15 HELO:inn15.innovatenow.co.uk
HOSTNAME:inn15.innovatenow.co.uk
Aug 14 09:31:57 IP:8.19.138.18 HELO:info2.infotide.co.uk
HOSTNAME:info2.infotide.co.uk
Aug 14 10:58:27 IP:8.19.138.12 HELO:top3.topcore.co.uk
HOSTNAME:top3.topcore.co.uk
Aug 14 15:13:25 IP:213.83.66.177
HELO:cluster-c.mailcontroller.altohiway.com
HOSTNAME:clusterc.mailcontroller.co.uk
~
Naturally, I would like to run a collector on a bigger scale, but it is
taking some time to get more traffic in.

> Granted Jeff's list isn't exactly a scientific process but it's te
> only one out there.
But it does not make it reliable in any context. Barracuda are good at
B/S and they use lists like this, NANAE and other 'carefully selected'
groups to spin in - when the reality is rather different. I'm not
interested in the 172 messages they caught on my box, or the 14 that
Spamhaus caught. I'm interested in the 163 they missed and *why* they
missed them.

Reply via email to