I'd like to suggest a new way of looking at DNS list lookups and I want
to encourage other list providers to so something like what I'm doing
with my Hostkarma list. If this were more standard it would greatly
increase the accuracy of the lists and reduce the number of network
calls SA has to make. Better accuracy - better performance.
We have a concept called a yellow list. Yellow means the the IP source
is a mixture of spam and non-spam and that the IP address contains no
information as to if the message is spam our not. Yellow is for Yahoo,
Hotmail, Gmail, and other ISP/Freemail sources.
The idea is that once it is determined that the source is yellow there
is no need to check any other lists. If someone else has it blacklisted
then that would be an error.
White lists on my system means the IP only sends good email. That's a
different definition than most lists which white means "do not
blacklist". I have a "NOBL" status for IPs that I don't want to
blacklist, but might be something I might whitelist in the future. White
means the IP sends nothing but good email.
On my system if an IP is yellow I don't do any other DNS lookup calls.
It passes on to content testing rules. Tht saves a lot of lookups. If
the IP is white I pass the email wither any content scanning and that
bypasses spamassassin entirely. If the IP is on several blacklists then
the message is bounced without any further processing.
I use the NOBL list to avoid blacklist checks. If it's not white or
yellow, a NOBL listing sends the message on to content scanning rules
and bypasses all blacklist tests.
With the blacklists I start with my best blacklists first. About 3 of
them. If they are on 2 of my 3 best I bounce it. Then I check the next 3
best lists and if they are on 2 of the 6 then it's bounced. Other lists
have lower scoring but because I do the good lists first I save the time
often of having to check the less accurate lists.
Also - I don't include non performing lists or lists that are highly
inaccurate like UCE-PROTECT, RCF-Ignorant, Backscatterer, APEWS. I'm not
using Spamhaus because of the price, but it's a really good list. Also
like barracuda, spamcop, mailspike, gbudb, manitu, Invalument was great
too when I had it for free for a short period.
The point here is that accuracy and speed are greatly improved using
this system and I'm leaving a lighter load on all the other DNS lists
providers. I'm processing over 90% of incoming email without
Spanassassin seeing it. If SA were to do what I'm doing then most email
would never see any other rules than the DNS list rules. I'm doing the
DNS lists in Exim and a single server allow me to process thousands of
domains for tens of thousands of email accounts.
My 2 cents ...
--
Marc Perkel - Sales/Support
supp...@junkemailfilter.com
http://www.junkemailfilter.com
Junk Email Filter dot com
415-992-3400
