Rob McEwen wrote: > On 3/30/2015 11:49 AM, Kris Deugau wrote: >> Seconded; this is exactly what we've been finding. Invaluement is a >> great complement to Spamhaus for a fraction of the cost. >> >> I wouldn't put it as a front-line reject DNSBL, because some of the >> things that have been listed are not what I would class, for our >> customers, as spam - but those entries are distinctly greyhat at best in >> a lot of cases, and some IP range operators I've flagged as "list, >> delist, and whitelist_from_rcvd as needed" due to the mix of legitimate >> small senders and spammers. > > Thanks Kris for the compliment. Also, when you say "mix of legitimate > small senders" ...just to clarify, I think that any further analysis > will show that (a) MOST of these are situations where very small senders > had massive spam-sending outbreaks due to compromised accounts, and (b) > the listing was most often very short lived (often mere hours).
I haven't analyzed after the fact, but that sounds right. The cases I can recall are more along the lines of "grey-hat ESPs who pick up a spammer client for a while", and unfortunately those ESPs also serve an assortment of (very) small businesses who send email that our customers want to receive. Often there's a free service tier, or "free trial", and next to no up-front controls on who can send what content through these ESPs. I can't block these ESPs outright; customers *will* get upset. On the other hand, once notified of a sender I can make fairly sure that further mail *for that sender* through that ESP will make it to our customers' mailboxes. -kgd
