Michael Hutchinson wrote:

> So perhaps instead of adding another RBL, maybe some admins need to
> consider adding in some HELO checking / rejection.

Michael,

Your suggestions are wonderful. These techniques will block more spam, with relatively few FPs, and their implementation doesn't require adding DNSBLs.

But I'd like to clarify one thing. Whether intended or not, your post *implies* that the use of such techniques removes the need to add additional DNSBLs beyond SpamCop and Zen (or something to that effect). I respectfully disagree for the following reasons:

(a) Your stats mention what you do catch... but don't factor in what spam you are delivering to the mailbox, some of which may be flying under your radar. For example, I've had some reluctantly test out the invaluement lists... "reluctant" because they were convinced that they were already blocking 99.9% of all spam... but then they were shocked at how much spam the invaluement lists blocked that was previously not blocked and unnoticed. (Users tend to not complain as much about the legit-looking spams--especially vertical market stuff in the user's industry, even when 100% UBE.) These previously-missed spams were ones that HELO filtering techniques (of the kind you mention), and other things like greylisting, would *not* have blocked.

(b) Some of those who posted invaluement stats on this thread earlier... are *already* using some or all of the techniques you mentioned (and more) *before* their filters check sending-IP DNSBLs.

Obviously, I've personalized this... but a broader point can apply to any DNSBL. Just because one or more spam filtering techniques are effective doesn't necessarily make any DNSBL obsolete unless/until that DNSBL is tested and found to _only_ block spams already blocked by those other techniques--and assuming FPs are equal--then and only then do particular filtering methods make a particular DNSBL obsolete.

--
Rob McEwen
http://dnsbl.invaluement.com/
r...@invaluement.com
+1 (478) 475-9032
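
The overlap test described in the message above, sketched as an added example that is not part of the original post or of any list operator's tooling: it takes per-message filter verdicts from a log-only trial plus a hand-verified spam/ham label and reports what a candidate DNSBL blocks that the existing checks miss. The record layout, the check names and the sample data are constructed assumptions.

```python
"""Marginal value of a candidate DNSBL over the checks already in place."""

# Constructed sample: one record per message from a log-only trial.
# "hits" = checks that would have rejected it; "spam" = hand-verified label.
MESSAGES = [
    {"id": 1, "spam": True,  "hits": {"helo", "zen"}},
    {"id": 2, "spam": True,  "hits": {"helo", "candidate"}},
    {"id": 3, "spam": True,  "hits": {"candidate"}},   # existing checks missed it
    {"id": 4, "spam": True,  "hits": {"candidate"}},
    {"id": 5, "spam": True,  "hits": set()},           # delivered, nothing caught it
    {"id": 6, "spam": False, "hits": set()},
    {"id": 7, "spam": False, "hits": {"helo"}},        # FP of an existing check
    {"id": 8, "spam": False, "hits": {"candidate"}},   # FP only the candidate causes
    {"id": 9, "spam": True,  "hits": {"spamcop", "candidate"}},
]


def marginal_value(messages, candidate, existing):
    """Return message ids grouped by what `candidate` adds over `existing`."""
    existing = set(existing) - {candidate}
    report = {"unique_spam": [], "overlap_spam": [],
              "unique_fp": [], "still_missed": []}
    for msg in messages:
        by_candidate = candidate in msg["hits"]
        by_existing = bool(msg["hits"] & existing)
        if msg["spam"]:
            if by_candidate and not by_existing:
                report["unique_spam"].append(msg["id"])
            elif by_candidate:
                report["overlap_spam"].append(msg["id"])
            elif not by_existing:
                report["still_missed"].append(msg["id"])
        elif by_candidate and not by_existing:
            report["unique_fp"].append(msg["id"])
    # The list is redundant only if every spam it blocks is already blocked
    # by another check; unique_fp is reported so FP cost can be compared too.
    report["redundant"] = not report["unique_spam"]
    return report


if __name__ == "__main__":
    result = marginal_value(MESSAGES, "candidate", {"helo", "zen", "spamcop"})
    for key, value in result.items():
        print(f"{key}: {value}")
```

The ground-truth label has to come from reviewing delivered mail as well as rejected mail, since the spam in `unique_spam` is by definition mail the existing checks let through.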